1.0 INTRODUCTION

This is Part III of the three-part COINS Long-Range Plan.

Part I presented the COINS operations concepts as they are today,
and as they are projected to be in 1985 and in 1990. Part II presented
the COINS architecture in a similar fashion — as it is today,
and projected to 1985 and 1990. Parts I and II of the plan were
developed to provide the reader with an understanding of how the
COINS PMO perceived the evolution of COINS during the 1980's, and
to provide a basis and direction for the COINS PMO planning, programming
and budgeting activities. Part III, Technical Support Plan, of
the COINS Long-Range Plan presents the program plans, resources, and
schedules to develop and maintain COINS for the current fiscal year
and five years beyond.

1.1 Purpose 

The purposes of Part III of the COINS Long-Range Plan are: 

a. To support the COINS PMO planning, programming, and
budgeting activities and COINS-related planning, programming,
and budgeting activities of the other
organizations participating in COINS.

b. To describe, for the COINS community and other interested
organizations, the development and acquisition
of new and improved COINS capabilities.

c. To provide the planned development, procurement, and
implementation schedules for use by COINS participating
organizations in scheduling their planned development,
procurement, and implementation actions that may be
impacted by or impact on COINS.

d. To provide resource estimates to develop and
maintain COINS.
1.2 Organization

Section 2 of Part III provides a description of COINS. It
contains much of the introductory material of Parts I and II of the
Long-Range Plan and is included here to provide the readers who had
not read either Part I or Part II of the COINS Long-Range Plan with
a basic understanding of COINS.

Section 3 presents major factors that were considered in devel- 
oping the TSP. Section 4 is a summary of the planning activities 
and resources included in Annexes A, B, C, and D. Finally, the 
Annexes provide the Technical Support Plans. 

Annex A - COINS Network and Project Management 
Annex B - COINS Network Resources 
Annex C - COINS Network Development 
Annex D - COINS Network Security 




Approved For Release 2003/08/18 : CIA-RDP83T00573R000100140001-8 




2.0 BACKGROUND 

This section presents the history of COINS development since
1965, and projects its further development through the end of this
decade.

The objective of COINS is to serve the analysts of the intelligence
community in retrieval and analysis of intelligence data. It
is operational as a communications medium between several of the data
processing centers of the community and is in increasing use for data
retrieval from these centers.

However, its utility as a service to intelligence analysts is
limited in many ways. Much information which should be available via
COINS is not available. Procedures for access are complex and there
are many different procedures to be learned. Data processing services
are very sparse.

The COINS plan for development during the 1980's is to: 

• Widen the base of the network by increasing its data
resources

• Simplify, for the analyst, the procedures of retrieving
data

• Provide assistance in processing of data once it is
retrieved

• Provide network-wide user services such as electronic
mail and teleconferencing

This initial section presents the history of COINS, and describes
the environment which bounds its development. The network originated
in 1965 as an experimental, store-and-forward network, and became
operational in 1973. In 1974 it began a process to upgrade from a
store-and-forward to a packet-switched technology. The packet-switched
network was declared operational as COINS II in 1977. Since then it
has continued to evolve in scope and in service.

The COINS environment is the community of analysts, the data
base systems extant and projected, the methods and procedures which
COINS must adapt to, and other DoD networks with which COINS will
interact.

Figure 1 presents a general description of COINS as a set of
functional rings:

• The Communications Ring is the basic data transmission
facility.

• The Switching Ring contains the COINS packet switching
nodes.

• The Access Ring contains the devices which attach
terminals and data processing systems to COINS, and
through which COINS connects to other networks.

• The Service Ring contains the COINS host systems,
processing systems and services, and terminals
including those in other networks.

Each of the preceding rings contains a set of communications or service
functions, supported by an inner ring, and supporting an outer
ring.

• The User Ring. Outside the service ring are the users
of COINS — the reason the four inner rings exist.
2.1 Current Status

Six computer systems are directly connected to the COINS II
network — NSA RYE/TIPS, NPIC NDS, NSA SOLIS, the COINS PMO TAS, the
COINS PMO Network Service Host, and the PACOM TAS (via the ARPANET
Gateway). Only the TAS-based systems can access SOLIS.

NSA RYE/TIPS, DIA DIAOLS, the processors at ADCOM and PACAF,
and, in the future, the Network Service Host, function as both server
and user hosts, i.e., they provide information retrieval services for
COINS users, as well as link their own user terminals to COINS. SOLIS
acts only as a server-host. The COINS PMO TAS, the PACOM TAS, the
PACOM IDHSC SWITCH, and the processors at SAC and IPAC support user
terminal connections to COINS but provide no services to COINS users.

NSA RYE/TIPS user terminals cannot interact with remote interactive
hosts. The COINS II accessible files of RYE/TIPS will be installed
on the interactive PROJECTOR when they are to be moved to
WINDMILL system, a Burroughs 7700 dual processor currently housing
SOLIS.

The NPIC New Data System (NDS) is connected to COINS by an 
adaptation of the TAS, called the Network Access System (NAS). Via 
the NAS, local NPIC terminals are currently able to work in batch 
mode with other COINS II hosts as if they were TAS terminals. During 
the first year of NDS operation with COINS, COINS II users will access 
NDS in batch mode only, although interactive capability exists. By 
the end of calendar year 1980 NPIC will offer both batch and inter- 
active services to COINS. 
Network services between COINS and IDHSC continue to be limited
to batch transactions since the protocols and gateway software to
handle interactive connections between COINS II and IDHSC have not
been defined.

2.2 Future Development 

To date, development of COINS has concentrated on communications
systems in order to provide an instrument for remote access from a
single point of entry (terminal) to intelligence data at several
centers of storage (data base systems). The access capability that
now exists is constrained in some ways:

• Some of the community data bases are not accessible
from COINS terminals. Their host computers are not
attached to COINS, or to a network which can be
reached via COINS, or their security and need-to-know
controls cannot be handled by COINS.

• Access from some points is limited by the interface
between user and COINS. For example, an analyst at
an IDHSC terminal cannot access the SOLIS system.
The necessary interactive protocols cannot be propagated
through the gateway between IDHSC and COINS,
and in many instances the analyst does not have the
proper remote terminal.

Removal of these constraints is a matter of resources and time.
Most of them will disappear as older host systems are replaced, or
as the present DoD network environment evolves.

Beyond mere access to data, the COINS users need help in other
areas:

• Learning procedures for data retrieval. The COINS
user is currently required to know where data is,
and for each source of data, the language which must
be used to extract from it.

• Manipulation and formatting of data once extracted
from the file is done by the host computer on which
the file is stored. Having retrieved data, the
analyst must then resort to pencil and paper to
reduce it to a form appropriate for the intended
purpose.

Present COINS provides little help in solution of these problems. 

It is projected that development of COINS during the 1980's will
concentrate on the problem of reconciling data formats and access
languages. Some aspects of this problem are:

• Multiple Retrieval Languages. In general, each data
base is accessed by a language unique to that data
base. The user may require information from several
data bases, and is thus faced with the need to learn
more than one language.

• Host System Autonomy. COINS hosts are designed and
operated to serve local needs. COINS has low priority
relative to these local needs, and must work out methods
of adapting to them.

• Lack of Data Standards. There is no common methodology
for data definition. Data is categorized, structured,
and named in many different ways, depending upon who
"owns" it. To perform a complete search, the user
must know all of the terminologies by which data may be
referenced.

• Community Turnover. The user population is dynamic.
New users are constantly entering the community.
There is a continuous and massive problem of training
them in the nature of resources available, and the
methods for their exploitation.

• Security. There is no system for support of multi-level
security. Access via COINS is restricted to
the SI/TK level. Most of the potential intelligence
community users are thus excluded from COINS.

• Undefined Network Command Language. There is no agreed
upon set of commands, or command "language", for initiating
and controlling network functions.
These problems have been under attack for some time. By the
mid-1980's useful techniques for their solution should be implementable.

The second problem, provision of data manipulation services for
the user, requires a better understanding of the analyst's job and
what tools would be helpful in performing it. Studies are being made.
By the latter half of the decade COINS should be in a position to
support the user with hardware and software which assists in analysis
of data once it has been retrieved.

Development of functions within COINS will be influenced by 
expected changes in the COINS environment, among which may be cited: 

• Cost of Components. Current equipment costs indicate
that centralized processing for many functions is
economical. However, if these costs continue to fall,
it may become efficient to distribute function execution
throughout the network.

• Advances in Security Methodology. COINS has been
requested by ASD(C3I) to cooperate with DCA in
development of a community standard Secure Network
Front-End. Project BLACKER is under development.
The Kernelized Secure Operating System (KSOS) is also
under development. These efforts may have significant
impact on the methodology of access to COINS.

• Projected Increase in Traffic. Present Access Systems
have fairly low capacity with respect to number of
physical attachments which can be supported ("ports")
and throughput capacity. The projected traffic far
exceeds these limitations. Increase of Access System
capacity to meet traffic demand may force complete
redesign of Access System structure and function as
well as influence the future designs of the host systems
themselves.

• Network Access via Terminals. Most of the present COINS
terminals are attached to hosts, and access the network
through hosts. During the 1980's the trend will be to
terminals which access hosts via a network. There will
be a requirement for many Terminal Access Systems of
very high capacity.

• Terminal Evolution. Many of the community systems
presently support only line-oriented, hardcopy terminals.
Newer systems employ CRT terminals, and increasingly,
"intelligent" terminals.
This trend to increasing terminal functionality will
obviously impact the methodology of network access.

The COINS environment includes other networks to which COINS
will be connected. COINS itself is designed and operated to support
U.S. intelligence agencies in the Washington, D.C. area. It either
is or will be connected via "gateways" to a number of other networks:


• ARPANET 

• PLATFORM 

• IDHSC 

• AUTODIN II 

• IAIPS 

Development of these projected internetwork connections will 
be governed by changes in the Defense Department network structure: 

• AUTODIN II will become operational as the DoD long- 
haul communications facility. 

• The present ARPANET will be significantly reduced in 
size and retained as a research facility. Many of 
its present hosts will become hosts of AUTODIN II.








• The DODIIS hosts within the Washington, D.C. area will
become hosts of COINS. DODIIS hosts outside of Washington
will use AUTODIN II.

The impact of these changes on COINS development will be manifold:

• The COINS network will be expanded to support Washington,
D.C. DODIIS hosts; specifically at DIA, NMIC, APIS, and
NAVINTCOM.

• New protocols such as File Transfer and Teleconferencing
will be required.

• COINS may be required to provide DODIIS interconnectivity
during the transition of IDHSC to AUTODIN II.

• The TETRAHEDRON communications system, which is the
base of the COINS subnet, may require expansion to
include Andrews AFB, Suitland, Maryland and Fort Detrick,
Maryland, and to interface with AUTODIN II.

• Increased traffic against the more heavily used COINS
hosts must be anticipated and provided for.

• COINS current use of ARPANET as a carrier to distant
users will be replaced by AUTODIN II.

• COINS itself may be a carrier between facilities in
adjacent networks.

The COINS network, and each of the five networks to which COINS 
will be connected, is providing operational service to a unique 
family of users. Each network, including COINS, has its own set of 
established protocols and services. These are not easily changed 
without considerable cost as well as user hardship. It is planned 
that connection of COINS to another network will not:

• Result in disruption of service to users in either
network

• Result in major changes in protocols and services
in either network

• Result in major software reprogramming action in
either network

2.3 Background Summary 

The COINS network is being developed as a tool for cooperative
effort in intelligence data processing. It is a vehicle for supporting
the individual efforts of some forty intelligence centers of the
U.S. Government.

These centers are autonomous. Each of them has its own criteria 
for type of data, method of processing, equipment for processing, 
security control, and every other conceivable parameter. COINS, 
which is the technological medium for interaction between them, must 
resolve the differences. 

It is obvious from preceding discussions that the data retrieval
problems of the COINS environment are not all solved, and that the
solution in many cases may be a long time coming. Much of the COINS
effort in this decade will be expended on these problems.

Beyond the problems associated with data retrieval there are 
services which the network can provide. These must be defined to 
fit the needs of the analyst. The network can become a system for 
data processing which taps all resources of the community, at the 
analyst’s convenience, and provides him with the tools for effective 
use of them. 
3.0 FACTORS INFLUENCING THE PLANS

The following factors were considered in the development of the
Technical Support Plans (Annexes A, B, C, and D).

3.1 Facts

COINS will continue to supply services beyond that of a conduit
for data transmission to the COINS users. These include services
that can be provided more efficiently by COINS than by the separate
participating agencies; e.g., network access control, common query
language (ADAPT), user support systems; and information storage and
manipulation services for those users homed on a TAS who cannot or
do not have these services provided by their parent organizations.

ASD(C3I), Executive Agent for the COINS program, has directed
that:

a. The TCP4/IP4 Host-to-Host protocol be implemented in
COINS II, IDHSC II, AUTODIN II, and ARPANET as a first
step towards achieving network interoperability. This
will require modification to the IMP software and the
Host Access System (HAS).

b. AUTODIN II will be used as the long-haul communications
facility by the mid-1980's, therefore, COINS II will
be required to use AUTODIN II as the preferred conduit
providing services outside the Washington, D.C. area
vice ARPANET or IDHSC II.

c. The COINS PMO will work with DCA in the development of 
a community standard front-end. The use of this front- 
end by COINS could have a significant impact on the 
COINS Access System. 

The expanded COINS plus existing high turnover rate in COINS 
users, particularly in the military organizations, necessitates a 
continuing and increasing training work load. 
3.2 Assumptions

The COINS will continue through the 1980's and be expanded to
function as the local network for the Washington, D.C. area DODIIS
host computers. DIA has informally designated COINS as the local
Washington, D.C. DODIIS network. It is assumed that this designation
will be made formally, and the host computers involved will be identified
along with procedures on how these hosts will be treated;
i.e., like the existing COINS hosts or in some special ways. Until
the designation is formalized and the hosts identified, etc., planning
for the expansion cannot be completed.

Access to COINS should be expanded to the analysts with less 
than TS-SI/TK who need COINS accessible information. This requires 
improved security procedures to preclude unauthorized disclosure. 




4.0 SUMMARY OF TECHNICAL SUPPORT PLANS

The objective of the COINS PMO is to provide, within available 
resources and other imposed constraints, the highest quality, secure 
services to the users of COINS and to the organizations who are the 
sponsors of COINS accessible resources — presently file sponsors. 

4.1 COINS Network Management 

To meet the objective, the COINS PMO must be aware of user and
sponsor needs that are not being satisfied adequately in order that
unsatisfied requirements can be addressed in the COINS program planning
and budgeting. For this reason, resources have been programmed
to acquire a network management system (hardware and software) that
can monitor the status and performance of the hardware and software
that comprise the COINS network and its accessible resources. Also,
the management system will collect and analyze information relative
to the usage of COINS and its accessible resources, and data relative
to user acceptance and satisfaction of COINS.

The COINS Network Management System comprises: 

• The Network Monitoring Subsystem (NMSS) - To collect 
and analyze status and performance data for operations 
and management 

• The Network Usage Information Subsystem (NUISS) - To 
collect and analyze data relative to resource usage 

• The User Reporting Subsystem (URSS) - To collect and
analyze data relative to user satisfaction of COINS

The Technical Support Plan for COINS Network Management is presented
in Annex A.
By the end of FY82 the Network Monitoring Subsystem (NMSS) will
be operational in the BBN C/70 Network Control Computer (NCC) and
the BBN C/70 Network Management Computer (NMC). Also, the Network
Usage Information Subsystem (NUISS) will be implemented on the Network
Management Computer. The evaluation of the pilot User Reporting
Subsystem (URSS) is scheduled to be completed by the end of FY82.

FY83 through FY86 will produce enhancements to NMSS and NUISS,
and the operational URSS will be developed and implemented.

4.2 COINS Network Resources 

The COINS-provided resources are the hardware and software included
in the switching and access rings, and in COINS PMO-controlled
service host computers in the service ring — see Figure 2.

The switching ring includes the switches or Interface Message
Processors (IMPs) that perform the message assembly and disassembly
functions for the access systems and perform the packet switching
and control functions in routing data from origin to destination.

The access ring provides the points of entry to COINS. Host computer
access is through a Host Access System (HAS); terminal access (for
terminals not housed on a host computer) is through a Terminal Access
System (TAS); access from other networks is through a Network Access
System (NAS).

Three COINS PMO DEC PDP 11/70 server host computers presently
are planned: the Network Service Host (NSH), the Technology Transfer
Research Facility (TTRF) computer, and the User Support Information
System (USIS) computer. These three service hosts are also TASs in
that they will also support access to COINS from attached terminals.

In addition to the basic software for access system functions, 
many other COINS-provided resources are being developed to satisfy 
known user requirements. They include: 

ADAPT - A COINS network uniform query language
to provide an alternative to using the
many separate query languages of the
several server hosts.

USIS - User Support Information System, to
provide on-line user training and user
guides.

NVT - Network Virtual Terminal, to provide
for a wide range of terminal types to
access COINS host computers without the
need to implement the many terminal
handler routines in the host computers.

TCP/IP - Transmission Control Protocol/IP is the
DoD standard host-to-host protocol and
internet protocol.

FTP - File Transfer Protocol, to provide an
efficient way to transfer large volumes
of data between host computers.

Priority/Precedence - To provide the mechanisms to assure that
the users who have the most urgent need
to access COINS during crisis situations
will not be locked out by less urgent
usage.

By the end of FY82 the present Honeywell H316 IMP will be replaced
with BBN C/30 IMPs and TASs will be installed at NAVINTCOM,
DIA, Lawrence Livermore Laboratories, and State. ADAPT-II will be
operational and ADAPT-III will be implemented for evaluation at the
end of FY82. Also, USIS will be under evaluation and TCP will be
implemented.

By FY86 NASs will be installed for the IDHSC and PLATFORM networks,
a HAS will be installed for the WINDMILL host computer, a Data Base
Management System will be implemented in one or more of the COINS PMO
Service Hosts, ADAPT-III will be operational, USIS with a Computer
Aided Instruction system will be available, TCP and NVT will be operating,
and Priority/Precedence will be implemented.

4.3 COINS Network Development 

Network development is, for the most part, technology transfer;
i.e., evaluating existing or developing tools and techniques to determine
if they would make valuable additions to the COINS. Development
within COINS will occur only if a critical need exists that cannot be
satisfied by adopting or adapting an existing or developing resource
from outside COINS. In either instance an evaluation of the capability
is made to determine its usefulness and to determine how the
capability can be used or how it should be modified to make it useful.

Presently planned development activities include: 

MMRP - Man-Machine Relationship Program, is being
funded by ARPA. The COINS will be used as
a test bed to evaluate the evolving hardware
and software planned over the next several
years.

RITA - Rule-Directed Interactive Terminal Agent, is
a system to develop "agents" to perform tasks
for the users. The system was designed to
allow for changes to be made to the agents
by persons not knowledgeable in computer
programming.

GRAPHICS - Is a development activity to determine if
computer graphics is useful, and where and
how it would be useful in the COINS user
community.

Text Editing/Word Processing - Is a development activity to determine if
and where these capabilities would be useful
to the COINS user community. Preparing messages
for electronic mail, report (product)
preparation, and preparing on-line user
guides and training aids are potential applications.

Annex C is the Technical Support Plan for the COINS Network 
Development. 

By the end of FY82 the evaluation of the electronic desk (ED-1) 
of the MMRP will be completed with recommendations relative to its 
future in the COINS community. 

By FY86 a computer will be installed at one of the intelligence
schools to support technology transfer and development projects and
the MMRP evaluations will have been accomplished on many evolving
capabilities. Also, the evaluations of RITA, GRAPHICS, and Text
Editing/Word Processing will have been completed and recommendations
made on if, where, and how they may be applied in the COINS user
community.

4.4 COINS Network Security 

COINS Network Security including need-to-know controls is con- 
cerned with adapting and developing tools, techniques, and operating 
procedures to ensure that the data within COINS is protected from 
unauthorized disclosure. The following programs have been identified 
as potentially useful to enhance COINS security. 

KSOS - Kernelized Secure Operating System, is an approach to
provide users access to a system without the need for
all users to have system-high clearances. The COINS
PMO is participating in the test and evaluation of KSOS.

BLACKER - Is an NSA project to provide for end-to-end encryption
of data passed through a network. Initially, BLACKER
is considering the user terminal to a distant host
portion of the problem. Host-to-host will be accomplished
later.

Multi-Jurisdiction Security Controls - Is a procedure where all
users (internal and external to COINS) will be registered
on a COINS Access System. The registration
will include the host systems, files, and other resources
for which each user has been granted access.
This procedure cannot be fully implemented until all
COINS access is through either a TAS, HAS, or NAS.

SNFE - Standard Secure Network Front End, is a Defense Communications
Agency project to develop a standard
front end for all DoD packet switched network host
computers. ASD(C3I) has requested the COINS PMO to
participate in the SNFE design and development.

User I.D. Authentication - Is the constant assessment, evaluation,
and where appropriate, the implementation of
techniques to authenticate legitimate users.

TAS/NAS Software Encryption - Is a project to determine how
software encryption can improve security and how it
should be implemented.

File/Output Labeling - Is the development of procedures to
assure that files and other output are properly labeled
relative to security classification and compartments.

Annex D is the Technical Support Plan for COINS Network
Security.

By the end of FY82 the evaluation of KSOS, BLACKER test, and
TAS/NAS Software Encryption will be completed. The COINS Access
System designs of 1984 and beyond will reflect the integration of
concepts embodied in BLACKER, KSOS, and other ongoing security/NTK
developments. By the end of FY86 the BLACKER applications, Multi-Jurisdiction
Controls, and improved File/Output Labeling will have
been implemented. The design of the SNFE will be completed and will
have replaced the COINS HAS. Also, secure multi-level security
access will be capable of being demonstrated.


4.5 Resource Summary 

The following tables summarize the funds for the COINS PMO maintenance
and development programs. The resources are shown for O&M,
Procurement, and RDT&E, by Annex for fiscal years 1980 through 1986.
Summary tables present the funds for O&M, Procurement, and RDT&E for
fiscal years 1980 through 1986 for all annexes followed by a summary
table for all funds categories for Annexes A, B, C, and D for fiscal
years 1980 through 1986. The last table presents the COINS PMO staff
requirements.

FUNDING SUMMARY 
GLOSSARY


Following is the glossary of terms which has been developed
from the combined annexes for the long range plan.


1822

BBN Report 1822, "The specification of the Interconnection of a Host and
an IMP". The specification of interface between a host and the ARPANET.


Access Authorization

The permission to access a COINS element and the constraints (if any)
placed on the access. Examples of constraints include the familiar access to
read only, access to execute, etc. Access authorization may be placed on any
COINS object, application, file, program, or device.

Access Control

The tasks imposed on a network or any of its components, performed by
hardware, software, administrative controls, to control usage of the system.
Included are: monitoring system operation, insuring data integrity, user
identification, recording system access and changes, and granting user access.

Access Method

The technique and/or the program code in a computer, operating system
that provides input/output services.

Access Time

1. The time interval between the instant at which data are called
for from a storage device and the instant delivery begins.

2. The time interval between the instant at which data are requested
to be stored and the instant at which storage is started.

ACK

A control bit (acknowledge) occupying no sequence space, which indicates
that the acknowledgement field of this segment specifies the next sequence
number the sender of this segment is expecting to receive, hence
acknowledging receipt of all previous sequence numbers.

ACSI

Assistant Chief of Staff Intelligence (Army/Air Force)

Aerospace Defense Command, Colorado Springs.

ADAPT

ARPA Data Base Access and Presentation Terminal system. A common query
language (UDL) being developed in phases by Logicon, Inc. It will provide
(in its later phases) a common language that can be used to query any file
on COINS. ADAPT (Phase I) is a feasibility demonstration of the UDL to
target language transforms.

ADCCP 

Advanced Data Communications Control Procedure developed by ANSI. It is 
a bit oriented protocol. 

ADP 

Automatic Data Processing 


ADP System Security 

Includes all hardware/software functions, characteristics, and features;
operational procedures, accountability procedures, and access controls at
the central computer facility, remote computer and terminal facilities,
and the management constraints, physical structures, and devices; personnel
and communication controls needed to provide an acceptable level of
protection for classified material to be contained in the computer system.


State Department Automated Document System. 

AFIN 

Air Force Intelligence, Pentagon. 

AIRES 

Advanced Imagery Requirements and Exploitation System. 

Alternate Routing

An alternative communication path used if the normal one is not available.
There may be one or more alternative paths.

Analysis

The methodical investigation of a problem, and the separation of the
problem into smaller related units for further detailed study. 


American National Standards Institute. 

AN/GYQ-21 (V)

A Digital Equipment Corporation (DEC) PDP-11-series minicomputer.


Application 

A term used to denote a COINS data retrieval system (e.g. ISS, TIPS,
SOLIS...); the object to which users are connected in processing interactive
queries. (This term is deliberately chosen to make clear the separation of
a host and the system (applications) now on the host. It is also intended
to remind the user that a given set of hardware (a host e.g. NSH) may
have two or more COINS applications (systems) (CNCC, ADAPT I, etc.)
resident on it. Sometimes called a "system" (ISS, SOLIS); sometimes
referred to by the host on which the application resides (RYE, DIAOLS).)


ARPA 

Advanced Research Projects Agency of the United States Department 
of Defense. Also DARPA. 

ARPANET 

The network set up by ARPA. A packet switching intercomputer network
developed by ARPA. ARPANET is now managed by the Defense Communication
Agency.

ARPANET Message

The unit of data transmission between a host and an IMP in the ARPANET.
The maximum size is approximately 8096 bits.

ARPANET Packet

A unit of transmission used in the ARPANET between IMPS. The maximum
size is approximately 1008 bits.

ASCII 

American Standard Code for Information Interchange. This is a seven-bit
plus parity code established by the American National Standards Institute
(formerly American Standards Association) to achieve compatibility between
data services. Also called USASCII.

Assistant Secretary of Defense for Intelligence. Now ASDC3I for Command,
Control, Communications and Intelligence.

ASSIST

Army Standard System for Intelligence Support Terminals.

ATSS

Analyst Terminal Support System.

Authorization

A representation of a user's right to access specific files or specific
information in a file; in general the purposes for which a user has a right
to access an application.


AUTODIN II

Automatic Digital Information Network (Dept of Defense). This is a packet
switched network scheduled to replace AUTODIN I in the mid-1980's.

Batch Processing

1. Pertaining to the technique of executing a set of computer programs
such that each is completed before the next program of the set is started.

2. Pertaining to the sequential input of computer programs or data.

3. Loosely, the execution of computer programs serially.

BAUD

A unit of signalling speed equal to the number of discrete conditions or
signal events per second. For example, one baud equals one-half dot cycle
per second in Morse code, one bit per second in a train of binary signals,
and one 3-bit value per second in a train of signals each of which can
assume one of eight different states.


Binary Synchronous Communication (BSC)

A uniform discipline, using a defined set of control characters and
control character sequences, for synchronized transmission of binary coded
data between stations in a data communications system.

Birddog

A device used in Platform to do error detection and retransmission
at both ends of the communication line between a directly connected "Host"
or "Front End" and an IMP.

Prototype secure communication system. A program to develop new security
protection techniques on packet switched networks.

Buffer 

1. A routine or storage used to compensate for a difference in rate of
flow of data, or time of occurrence of events, when transmitting data from
one device to another.

2. An isolating circuit used to prevent a driven circuit from influencing
the driving circuit.


CATENET

This term means roughly the collection of packet networks which are
connected together. It is further defined as a confederation of
cooperating networks.

CAI

Computer Assisted Instruction. 

CAMS 

Comirex Automated Management System. 

Capability

Application Capability
Application Component Capability

A specification of the constraints on access. Within the range of
POSSIBLE modes of access for a particular "object", it defines what
is permitted. (Note that the application and component are
application-defined.)

CAS

COINS II access systems consisting of NAS, HAS, or TAS.

Channel 

The logical path connecting user to host, or host to host. Circuits
may be multiplexed to support several channels; conversely, a channel
may be distributed over several circuits.

Circuit

The basic physical path over which information travels.

Circuit Switching

A method of communications where a dedicated channel or circuit between
calling and called stations is established on demand for exclusive use
until the connection is released. Each data path is established between
two nodes by switching a data circuit for the duration of the need.

CMSS 

Communication Monitoring Sub-System. (NSA Deckroof program.) 

COI

Community of Interest.

CNCC

COINS Network Control Center. The installation and organization
responsible for monitoring the current behavior of a network and initiating
the repair of failed elements; primarily for failure reporting and
accumulation of statistics.

CNMS 

COINS Network Management System. A multi-faceted COINS program to develop 
and evaluate network usage and monitoring information. 

COINS 

Community On-Line Intelligence System.

COINS I

This refers to the COINS Network which is a continuation of the
experimental COINS network that has been in operation for several years.

COINS II

COINS II is an upgraded COINS to provide needed improvements in COINS I
primarily to adapt the ARPANET packet switch technology.

COINS PMO 

COINS Project Management Office

Commonality

(DOD) A quality which applies to material or systems possessing like
and interchangeable characteristics enabling each to be utilized or
operated and maintained by personnel trained on the others without
additional specialized training; and/or having interchangeable repair
parts and/or components; and applying to consumable items interchangeably
equivalent without adjustment.

Communications computer 

A computer that acts as the interface between another computer or terminal
and a network, or a computer controlling data flow in a network.

Communications control character

A functional character intended to control or facilitate transmission
over data networks. There are ten control characters specified in ASCII
which form the basis for character-oriented communications control procedures.
See also control character.

Compartmented Intelligence 

Intelligence material having special controls 
indicating restrictive handling for which systems of segregation or 
handling are formally established. 

Compatibility 

(DOD) Capability of two or more items or components of equipment or
material to exist or function in the same system or environment without
mutual interferences.

Computer Application 

That portion of an application which is performed by a computer. 

Computer Network

An interconnection of assemblies of computer systems, terminals and
communications facilities.

Comsec

Communications Security

Connection Protocol

A procedure for establishing a communication path between two processes.

Connect time

A measure of system usage by a user, usually the time interval during 
which the user terminal was connected to a process in a computer, i.e. 
between log on and log off. 

Connectivity 

Basic network communication and interconnection between processes.
Achieved by backbone communications network as transport facility, supporting
linkage protocols (standard), and the use of standard internetwork gateways
to adapt differences in network technology or protocols to support
communications between processes within different networks.

CONTEXT

A teleconferencing system which is primarily devoted to document
preparation.

Control Character

1. A character whose occurrence in a particular context initiates,
modifies or stops a control function.

2. In the ASCII code, any of the 32 characters in the first two columns
of the standard code table. See also: Communications Control Character.

Control Procedure 

The means used to control the orderly communication of information between 
stations on a data link. 

Conversational 

Pertaining to a mode of processing that involves step-by-step interaction 
between a computer and the user at a terminal.


Conversational mode (also Interactive mode)

The interaction between a user and a specific system process in which an
association, or connection, is maintained between the user and the process
for the entire duration of information interchange. The duration of the
connection is referred to as a "session" and the exchange of information
ceases when the session is terminated.

CPU 

Central Processing Unit. 

Crosstalk

The unwanted energy transferred from one circuit, called the 
"disturbing" circuit, to another circuit, called the "disturbed" 
circuit. 

CRT 

Cathode Ray Tube

CUPA

COINS Usage and Performance Analysis.

CUSP 

COINS User Support Panel. 

DARPA 

Defense Advanced Research Projects Agency.

Data Base

1. The entire collection of information available to a computer system.

2. A structured collection of information as an entity or collection
of related files treated as an entity.

Data base processing 

The storage of quantities of information, in one or more forms, 
available to the network and its users. 

Data Communications

The interchange of data from one point to another over
communications channels. See also: Data Transmission.

Data Communication Equipment

The equipment that provides the functions required to establish, maintain
and terminate a connection, the signal conversion, and coding required
for communication between data terminal equipment and data circuit. The
data communication equipment may or may not be an integral part of a
computer; e.g., a modem.

Datagram 

A packet of information which is carried to its destination without
reference to any other packet, or prior establishment of a data path. An
Internet datagram is the unit of data exchanged between a pair of internet
modules.

Data Integrity

A performance measure based on the rate of undetected errors. 

Data Transmission 

The sending of data from one place for reception elsewhere. Compare with 
DATA COMMUNICATION.


Director of Central Intelligence. 


DDCMP

Digital data communications message protocol. A uniform discipline
for the transmission of data between stations in a point-to-point or
multi-point data communication system. The method of physical data transfer
used may be parallel, serial synchronous or serial asynchronous. (DEC)

DIAOLS 

Defense Intelligence Agency On-line System. Also the name of the 
retrieval language used on the system. 


DIA Defense Intelligence School. 

DOD

Department of Defense.

DOD Intelligence Information System (DODIIS)

That confederation of defense organizations and activities employing
manpower, automatic data processing equipment and techniques, and associated
telecommunications assets which support the U.S. Defense Intelligence
System.

Duplex Channel

A channel providing simultaneous transmission in both directions.


Error Correction Unit. Also referred to as BIRDDOG.

End-to-end encryption 

Data encrypted at the originating node is not decrypted until it 
arrives at its final destination. 

End to end protocol 

Denotes process (on one computer) to process (on another computer)
communication via virtual circuit.

EOL

A control bit (End of letter) occupying no sequence space indicating
that this segment ends a logical letter with the last data octet in the
segment. If this end of letter causes a less than full buffer to be released
to the user and the connection buffer-size is not one octet then the
end-of-letter/buffer-size adjustment to the receive sequence number must
be made.


Ethernet 

A high-speed communications system using a shared coaxial cable.
Developed by Xerox Palo Alto Research Center.

EUCOM AIDES

European Command Analysts Intelligence Display and Exploitation System.

FICPAC

Fleet Intelligence Center Pacific, located at Makalapa, Hawaii.
Also the location of the IDHSC PACOM Switch.


Flow control (Across a connection)

The function by which a unit of data is accepted only when it can be
transferred across the connection.

Frequency Division Multiplexing (FDM)

Dividing the available transmission frequency range into narrower bands
each of which is used for a separate channel.

Front-End Processor (FEP)

A computer which is used to interface between a host computer and the
network.

FTD

Airforce System Command Foreign Technology Division in Dayton, Ohio.

FTP 

File Transfer Protocol. The protocols necessary to transmit an entire
file from one host system to another.

Fundamental Protocols

Concerned with the mechanics of communication between network components.
Multi-level structure for functional modularity. Isolate user level processes
from communications details. Support base for the network security and
network management.

Gateway

The physical and logical interface between networks. The principal
function of the gateway is the transformation between protocols of different
networks. In IDHSC II, the term 'Gateway' has a different meaning. Every
interface to the IDHSC II ROUTER is referred to as a gateway.


H316

The Honeywell 316 (a computer currently used for IMPS).

Hardware

The physical equipment or devices forming a computer and peripheral
equipment.

Harmonization

(DOD) The process and/or results of adjusting differences or
inconsistencies to bring significant features into agreement.

Header

The control information prefixed in a message text, e.g., source or
destination code, priority, or message type.

Heterogeneous (Computer) Network

A network of dissimilar host computers, such as those of different
manufacturers. At least one nodal processor has characteristics that are
incompatible with those of the other nodes. Compare: Homogeneous Network.

The host system through which a user ordinarily enters the COINS
network. For many users, a TAS is their home-host; however, any computer
system providing terminal user support in the COINS network is the
home-host of those users "known" to it.

Homogeneous (Computer) Network

A network of similar host computers such as those of one model of one
manufacturer. All nodal processors are directly compatible with regard
to such characteristics as data transmission code, instruction set, and other
factors which affect the ability of nodes to share data, program files, etc.

A computer attached to a network providing primarily services
as computation, data base access or special programs or programming languages.

Host Interface

The interface between a communication processor and a host computer.

Integrated Automated Intelligence Processing System. IAIPS is a
modernization program to integrate Navintcom systems in support of command
requirements through the 1980's.


ICA

Information and Communications Applications Inc. 

ICP 

Initial Connection Protocol. 

1. The process of providing personnel, equipment, or organizational
characteristics or codes to gain access to computer programs, processes,

2. The process of determining personnel, equipment, or organizational
characteristics or codes to permit access to computer programs, processes,
files or data.

IDHS 

Intelligence Data Handling System 


IDHSC 


Intelligence Data Handling Systems - Communications.


IDHSC I

The store-and-forward network managed by DIA which connects major DOD
intelligence organization computer systems.

IDHSC II

The new packet switched IDHSC network which will include both batch
and interactive protocol.

IIS

NPIC Integrated Information System. The original NPIC COINS host.


IMP

Interface Message Processor. The IMPS are used both as store-and-forward
elements at the nodes of the communications network and as interfaces
between the network and the host computers. The original IMPS were Honeywell
H516 computers, slightly modified. For economy, H316 computers were later
used. A microprocessor version of the IMP is under development. The new
IMP is based on the BBN Microprogrammable Building Block (MBB). High
performance PLURIBUS IMPS are also in use.

Information 

1. An encompassing term including text, data, and graphic images.

2. Data organized to convey knowledge.


Information Interface

A logical interface implemented at the application, or user information,
level.


Information network

A system of logically compatible information processing systems all
interconnected by a communications network.


Information processing

The manipulation of information to produce the desired results.


INI

COINS Intelligence Network Interface. Front end processors used
to interface the batch UNIVAC 494's at NPIC and NSA to COINS II IMP.

Initial Connection Protocol (ICP)

The official ARPANET Initial Connection Protocol as specified in NIC
Document Number 7101.

INR 

State Department Intelligence and Research Division Information Handling 
System. 

Intelligence 

Intelligence is the product resulting from the collection, evaluation,
analysis, integration, and interpretation of all information concerning
one or more aspects of foreign countries or areas, which is immediately
or potentially significant to the development and execution of plans,
policies and operations.

Interactive 

Pertaining to exchange of information and control between a user and a 
computer process, or between computer processes. 

Interchangeability 

(DOD) A condition which exists when two or more items possess such
functional and physical characteristics as to be equivalent in performance
and durability, and are capable of being exchanged one for the other without
alteration of the items themselves or of adjoining items, except for
adjustment, and without selection for fit and performance.

Interconnection

(DOD) The uniting together of interoperable systems.

Interface (LOGICAL)

1. Composed of a hierarchical set of protocols that are used to
support communications between network processes.

2. A logical boundary between protocol layers. 

Interface 

1. A shared boundary defined by common physical interconnection 
characteristics, signal characteristics, and meanings of interchanged
signals.

2. A device or equipment making possible interoperation between two
systems, e.g., a hardware component or a common storage register. A physical
interface.

3. A shared logical boundary between two software components.

Interface-Layer

The collection of specialized terminal access systems (TAS), COINS
network front-ends, and server-hosts playing a home-host role for some
users. The term arises from thinking of the network having a basic
communication function (the "subnet" layer made up of the IMPS and
communications lines), an interface layer (the TAS, CNAS, FE's, etc.), and
a service layer (the Service hosts, Windmill, NDS, etc.).

Internet Datagram Protocol

Defines control functions required to support internetwork communications.


Interoperability

(DOD/NATO) The ability of systems, units or forces to provide services
to and accept services from other systems, units or forces and to use the
services so exchanged to enable them to operate effectively together.

(DOD) The condition achieved among communications-electronics systems
or items of communications-electronics equipment when information or
services can be exchanged directly and satisfactorily between them and/or
their users. The degree of interoperability should be defined when referring
to specific cases.

IPC 

The COINS network identifier for the Intelligence Center Pacific 
IDHS host computer. 

IOC 

Initial operational capability.

IP

Internet Protocol. This protocol provides a way for the TCP to send and
receive variable-length segments of information enclosed in internet
datagram "envelopes". The internet datagram provides a means of addressing
source and destination TCPs in different networks.

ISC

CIA Information Science Center. A part of the CIA Office of Training.

ISS

DIA Interactive Support System.

I/O

Input/Output

KG34 

Cryptographic device. 

KWS 

Kiloword seconds. 

Letter 

A logical unit of data, in particular, the logical unit of data 
transmitted between processes using TCP.

LH/DH

Local Host/Distant Host IMP interfacing unit.

LHMSS

Local Host Monitoring Subsystem. One of the projects included in the
COINS Network Management System (CNMS).

LINK

1. Any specified relationship between two nodes in a network.

2. A communication path between two nodes.

3. A data link. Also: Line, Circuit, Virtual Circuit.

LLL

Lawrence Livermore Laboratories.


Login (Logon) 

A user access procedure to a system involving identification, access 
control and exchange of network information between user and system.


Logout (Logoff)

A user exit procedure from a system often providing usage statistics
to the user.

Lost

The Lost system of COINS provides a measurement of the network's
performance in terms of completed messages and messages that are lost.

LRP

Long Range Plan.

MBB

Microprogrammable Building Block

MBB IMP

An MBB, including I/O board and microcode for IMP I/O functions, which
emulates an H316 IMP. Developed by BBN.

MCCU

AUTODIN II Multiple Channel Control Unit

Message

1. A communication mostly in words intended to be read by a person.

2. A message is a self-contained logical and physical unit of information
transmitted between a source and a destination. It may be subdivided into
blocks or packets. It has a logical relevance to a source and destination.
Messages are analogous to a shipment of goods where packets
or blocks would represent the freight
cars. Routing and other control information is contained within the message
header and trailer data which is added at the origin and
remains unaltered until it reaches its destination.

MITREBUS 

A high speed communications system using a shared coaxial cable employing 
CATV technology. Developed by Mitre Corporation. 

MLS 

Multilevel Security. 

Modem (MOdulator-Demodulator) 

A device that modulates and demodulates signals transmitted over
communication facilities.

Module

An implementation, usually in software, of a protocol or other process.

MMRP

Man Machine Relationship Project. An ARPA sponsored program to improve
human interface to computers.

MSL

Maximum Segment Lifetime, the time a TCP segment can exist in the
internetwork system. Arbitrarily defined to be 2 minutes.

Multi-Level Security Mode

A mode of operation under an operating system (supervisor or executive
program) which provides a capability permitting various levels and categories
or compartments of material to be concurrently stored and processed in an
ADP System. In a remotely accessed resource-sharing system, the material
can be selectively accessed and manipulated from variously controlled
terminals by personnel having different security clearances and access
approvals. This mode of operation can accommodate the concurrent processing
and storage of: A) 2 or more levels of classified data, or B) 1 or more
levels of classified data with unclassified data depending upon the
constraints placed on the systems by the Designated Approving Authority.
(Section V.C, DOD Directive 5200.28).

NAS

COINS II Network Access System. A COINS internet gateway.


HAS/FE

A host-COINS Access system.

Navintcom 

Naval Intelligence Command. 


NCC 

Network Control Center. The installation and organization responsible
for monitoring the current behavior of a network and initiating the repair
of failed elements; primarily for failure reporting and accumulation
of statistics. Currently the network control computer is an H316 which
collects real time status information on the COINS II network.

Network Control Program. The program in a host which handles the link
to the IMP and controls communications between processes in the host and
processes elsewhere in the network.


NSA National Cryptological School.


NPIC New Data System. The new NPIC COINS host.

Ned

A CRT text editor developed by BBN under contract to the Rand Corporation.
It is used with a CRT terminal to prepare and modify documents, letters,
messages, and computer programs.

NEED TO KNOW (NTK) 

An informal (up to each individual user or agency to determine the
requirements for disclosure) basis for determining whether or not authorized
access to information to individuals who are otherwise properly cleared.

Network

1. An interconnected or interrelated group of nodes.

2. In connection with a disciplinary or problem oriented qualifier,
the combination of material, documentation, and human resources that are
united by design to achieve certain objectives, e.g., a social science
network, a science information network.

Network Control Program (NCP)

That module of an operating system in a host computer, which establishes
and breaks logical connections, communicating with the network on one side,
and with user processes within the host computer on the other side.

Network Processing

The movement of information among information processing and data base
processing components.

Network Security

The totality of measures taken to protect a network from unauthorized
access, accidental or willful interference with normal operations, or
destruction. This includes protection of physical facilities, software, and
personnel security. See also: PRIVACY.

Network Topology 

The geometric arrangement of links and nodes of a network. 

NIC 

1. National Indication Center (obsolete - now merged with NMIC).

2. Naval Intelligence Command.

NIPSSA

Naval Intelligence Processing System Support Activity.

NMIC

National Military Indications Center

NMSS

COINS Network Monitoring Subsystem. A replica of the ARPA Network
Control Center computer system and a component of the COINS Network
Management System (CNMS).

Node

An end point of any branch of a network, or a junction common to two
or more branches of a network.

NOSC

Naval Ocean System Center in San Diego.

NOSIC

Naval Ocean Surveillance Intelligence Center in Suitland, MD.


National Photographic Interpretation Center


Networks Project Management Office (NSA).

NSASAB

NSA Scientific Advisory Board


The COINS PMO Network Service Host.


NSA Sigint Operations Center.

NSS

NMIC Support System.

NUISS

Network Usage Information Subsystem.

A device which is incorporated into the line driver logic of each COINS
II IMP. This device provides the NCC with the capability for remotely
turning the line around to allow verification of operation.

NVT

Network Virtual Terminal. The "Standard" terminal as seen by
applications on the network. Real terminals are mapped into and from the
NVT.

ONI 

Office of Naval Intelligence 

Pertaining to equipment or devices under control of the central
processing unit.

user's ability to interact with a computer.

3. Directly in the line loop. In telegraph usage, transmitting directly
onto the line rather than, for example, perforating a tape for later
transmission.

The concept of openness that refers to a set of commonly agreed standards
that make possible meaningful interactions between any combination of
computing systems, data processing systems, or human operators which are
connected together in some way.

Operating System (O/S)

An integrated collection of service routines for supervising the
sequencing and processing of programs by a computer. Operating systems
control the allocation of resources to users and their programs and play
a central role in assuring the secure operation of a computer system.
Operating systems may perform debugging, input-output, accounting, resource
allocation, compilation, storage assignment tasks, and other system related
functions (Synonymous with Monitor, Executive, Control Program, and
Supervisor).

Options Field 

An option field may contain several options, and each option may be 
several octets in length. The options are used primarily in testing
situations; for example, to carry timestamps. Both the Internet Protocol
and TCP provide for options fields.

PAC

COINS network identifier for the IDHSC Pacom Switch.

PACOM 

Pacific Command 


A group of bits Including data and control elements which is switched 
and transmitted as a composite whole. The data and control elements and 
possible error control information are arranged in a specified format. 

May be subdivisions of a message each of which may be independently routed. 

It is the physical container into whicn messages are divided for 
transmission. 

Packet Switching 

A data transmission process, utilizing addresed packets, whereby a 
channel is occupied only for the duration of transmission of the packet. 

Note: In certain data communication networks the data may be formatted 
into a pacieet or divided and then formatted into a number of packets 
(either oy the data terminal equipment or by equipment within the network) 
tor transmission and multiplexing purposes. This mode of operation requires 
an interface processor at each node of the network. An interface processor 
takes in a message from its host processor in segments* forms these 
segments into packets* and ships these packets separately to the network. 

The destination interface processor reassembles the packets and delivers them 
in sequence to the receiving system which obtains them as a single unit 
(message). Each packet is individually routed through the network on a 
dynamic routing basis toward its destination. 

PACOM 

Pacific Command 

PACSWI , 

Jargon for the IDHSC PACOM switch. 


COINS network identifier for the Pacific Airforce (PACAF) IDHS host 
system. 

Parity Check 

Addition of non-information bits to data, making the number of ones 
in each grouping of bits either always odd or always even to permit single 
error detection in each group.

Password 

A string of characters that is recognizable to automatic
means and that permits a user access to protected storage, files, or input
or output devices.

PIPL 

Photo Interpreter's Retrieval Language. The retrieval language used 
to interrogate the NPIC COINS files that were resident on the NPIC UNIVAC
494.

Platform 

A cover name for an Arpanet technology based network designed to 
facilitate the movement of and access to data within NSA.

PLATO 

Programmed Learning and Teaching Operation. A computer-based education
system developed at the Univ. of Illinois. Vended by Control Data Corp. (CDC).

PLI 

Private Line Interface. Used by COINS II to encrypt data trunked
through the ARPANET. 

Plot 10 

A general purpose graphics system. 

Pluribus 

High speed modular IMP. An improved IMP based on the Lockheed SUE
Computer. 

Privacy 

The right of an individual to control the release or availability of 
information about himself. 

Compare: Network Security.

Process 

1. A systematic sequence of operations to produce a specified result.

2. A set of related procedures and data undergoing execution and
manipulation by one or more computer processing units.

3. The active elements of all host computers in a network.

4. Programs in execution.

Projector 

An application subsystem of Windmill which supports access to the
TIPS/RYE data files. 

Protocol 

A formal set of conventions governing the format and relative timing 
of data exchange between two communicating processes. An agreement on 
the way in which an inter-process communication is to be processed.

Protocol Layering 

The idea of layering is to insulate functions from each other, and
to establish standard interfaces between functions. A layer is a set of
related functions which meets 3 conditions. First, a layer must have a
specific hierarchical relationship with respect to other layers.
Second, it must have well defined interfaces between itself
and its adjacent layers. Finally, it must be able to communicate with its
peer layers. Peer layers are layers in two different host
complexes which perform like functions.

Real Time 

A real-time computer is one whose processing time requirements are
governed by external influences. It must receive data, process them,
and return the results sufficiently quickly to be useful by the recipient.

Real Time System 

A system performing computation during the actual time the related
physical process transpires, so that the results of the computation can be
used in guiding the process.

Registry Data Base

USIS files defining user profiles, user guides for COINS files,
languages, and Host systems, and training courses. 

Remote Job Entry 

1. Submission of jobs through an input device that has access to a
computer through a communications link. 

2. The mode of operation that allows input of a batch job by a card
reader at a remote site and receipt of the output via a line printer
or card punch at a remote site. Abbr: RJE.

Response Time 

The elapsed time between the generation of the last character of a
message at a terminal and the receipt of the first character of the reply.
It includes terminal delay, network delay, and service node delay. This is
the time the system takes to react to a given input. If a message is keyed
into a terminal by an operator and the reply from the computer, when it
comes, is typed at the same terminal, response time may be defined as the
time interval between the operator pressing the last key and the terminal
typing the first letter of the reply. For different types of terminals,
response time may be defined similarly. It is the interval between an event
and the system's response to the event.

RITA 

Interactive Transaction Agent, previously known as Rand
Intelligent Terminal Agent. A system designed for use by persons who are not
computer sophisticates to develop agents (computer programs) to perform
tasks in an automated fashion. It is under development by Rand and is
experimentally operational.

RJE 

Remote Job Entry

Routing

The assignment of the communications path by which a message or telephone
call will reach its destination.

RTP 

Real Time Protocol. A host-to-host protocol for communication of time
critical information.

RYE/TIPS

The NSA host system housing the NSA COINS file.

SAFE 

Support to the Analyst's File Environment. A joint CIA/DIA effort 
to develop new analyst automated support systems for both agencies. 

SCCU

Autodin II Single Channel Control Unit. 

SCI

Sensitive Compartmented Information.

SDI

Selective Dissemination of Information

Seawatch 

NOSIC's automated ocean surveillance system.

Security Administration 

The process of deciding which individuals need access to classified
information to perform their duties; the verification of clearances and the
entry and maintenance of the user/terminal on network and application access
and authorization lists.

Security Classifications 

The national classification system of Unclassified, Confidential,
Secret, Top Secret.

"Server" Host

A host which makes available a resource (hardware, software or data)
to other hosts or users not connected directly to itself. Note, a host can
be a "user" host or a "server" host or both.


SIP

Autodin II Segment Interface Protocol. 

SNCS 

Secure Network Communication System, the communications network portion 
of COINS II. 

Software 

Computer programs, procedures, rules and associated 
documentation concerned with the operation of computers, e.g., 
compilers, monitors, editors, utility programs. 

SOLIS 

Sigint On Line Information System.

Source 

1. The point of entry of data in a network. 

2. A data terminal installation that enters into a connected channel. 
Data entry may be under operator or machine control. 

Space Shuttle 

A diagnostic system which is used to test network hardware and measure
throughput. 

Special Purpose Gateway 

A gateway implementation which is not based on a standard internetwork
protocol.

SSB 

Air Force Standard Software Base. 

Standard Internetwork Gateway 

A gateway implementation which is based on a standard internetwork
protocol (e.g., TCP/IP).

Subscriber-to-Transport Protocol. 

Defines network interface between subscriber (host) and transport
facility. 

Support Programs 

Programs to assist in diagnostics, testing, data generation, terminal
simulations, etc. are support programs.

S'* i '* 

The COINS network identifier for the Arlington Hall switch.

TAC 

Autodin II Terminal Access Controller. 

TAC II 

Technical Assessment of the COINS II Program Ad Hoc Group of NSASAB.

TAS 

COINS II Unix-based Terminal Access System. 

TASMASTER 

A special user who operates and maintains TAS. 

T-Carrier 

AT&T all-digital transmission systems available at various data rates -
1.544 mb/s (T-1), 6.312 mb/s (T-2), 45 mb/s (T-3) and 274 mb/s (T-4).

TCP 

Transmission Control Protocol. A connection-oriented, end-to-end 
reliable protocol designed to fit into a layered hierarchy of protocols 
which support multi-network applications.


Technical Development Plan. 


Toss Exchange Center. 

Telenet

The ARPA Network virtual terminal protocol. 

Thesaurus Data Base 

USIS files containing cross reference to data values collected from
various sources. These files contain data for military equipment, geographic
locations, and intelligence category codes.

Tetrahedron

A secure, digital communication network in the Washington, D.C. area
which utilizes wideband circuits.

Text 

1. Information consisting mostly of words that are readable by a 
person. 

2. A sequence of characters forming part of a transmission which is
sent from the data source to the data sink, and contains the information
to be conveyed. It may be preceded by a header and followed by an "End of
Text" signal.

3. In ASCII and communications, a sequence of characters treated as an
entity if preceded by a "Start of Text" and followed by an "End of Text"
control character.

THP

Autodin II Terminal-to-Host Protocol.

TILE 

TIPS Interrogation Language. The retrieval language used to interrogate
the NSA RYE/TIPS COINS files resident on the Univac 494.

Time Sharing 

A method of operation in which a computer facility is shared by several 
users for different purposes at (apparently) the same time. Although the 
computer actually services each user in sequence, the high speed of the 
computer makes it appear that the users are all handled simultaneously.

TIP 

Terminal Interface Processor. A Honeywell H316 computer acting both 
as an IMP and as a host computer to enable terminals to connect to the 
network without a separate Host being involved (ARPA). The TIP software
is one host but other Hosts may be connected to the network via the IMP 
portion of the TIP. 

TIPS 

Technical Information Processing System. That portion of RYE/TIPS 
which supports the NSA COINS files.

TOCOL 

Topics on COINS ON-Line. 

TOSS 

Terminal Oriented Support System. 

Transaction Mode 

The interaction between a user and the system in which no connection 
is established between the user and the system process which is to provide 
the service. The request for the service, or Transaction, is accepted 
by the system and forwarded to the user service which satisfies the request,
the results of which are retained by the system for return to the user
upon demand. 

Transparent Mode 

Transmission of binary data with the recognition of most control 
characters suppressed. In Binary Synchronous Communications, entry to and
exit from the transparent mode is indicated by a sequence beginning with
a special Data Link Escape (DLE) character.

Transponder 

A diagnostic system which is used to test the COINS II Network Control 
Program and measure throughput. 

Transport 

The telecommunications facility which moves pieces of information from
one place to another (i.e., subnetwork, backbone, packet switching facility,
etc.).

TTRF

Technology Transfer Research Facility. A facility directed by the COINS
PMO to test and evaluate programs, equipment and software that may improve
the service to COINS users.

Transport Protocols

Subnet protocols used between transport facility packet switch nodes
to handle transmission, error detection, correction, flow control, routing.

Turnaround Time 

1. The elapsed time between submission of a job to a computing center
and the return of the results.

2. In communications the actual time required to reverse the direction 
of transmission from sender to receiver or vice versa when using a 
two-way alternate circuit. Time is required by line propagation effects, 
modem timing and computer reaction. 

UDL 

Uniform Data Language supported by ADAPT. The retrieval language used 
as the basis for ADAPT. 

UNIX 

Trademark for a family of computer operating systems developed at Bell
Telephone Laboratories to support time sharing on the PDP 11 computers. Unix
was spawned from the Multics program in the late '60s.

"User" Host

A host which supports user access to a server host.

USISS 

User Support Information Sub-system. (Replaced by USIS).

Virtual Circuit (VC) 

A connection between a source and a sink in a network that may be 
realized by different circuit configurations during transmission of a 
message. 

Windmill

A host computer system (B7700) on the COINS II Network which supports
the SOLIS and PROJECTOR (TIPS/RYE) applications. Also a host in Platform.

WWMCCS

Worldwide Military Command and Control System.

I. DESCRIPTION

This Annex includes 1) the COINS Network Management System (CNMS) 
which is perceived as a system of hardware, software, and procedures 
to operate, control, and manage the COINS; and 2) the human resources 
in the COINS PMO required to operate and manage the COINS project. 
COINS Project Management is presented in Section I and VII only. 

The COINS Network Management System has been conceived to pro- 
vide the data, processing, and display of information required to 
operate, control, and manage the COINS Network and its associated 
services. The system will support long-term management and planning 
as well as the day-to-day activities associated with network opera- 
tions. The focal point for the CNMS data collection, processing, 
and display is the COINS Network Control Center (CNCC).

A. CNMS Components 

Three categories of information have been identified to
support the COINS Network Management: monitoring, usage, and
user. The three subsystems identified to collect, process,
and display the collected information are the Network Monitoring
Subsystem (NMSS), the Network Usage Information Subsystem
(NUISS), and the User Reporting Subsystem (URSS). Two computers,
the Network Control Computer (NCC) and the Network Management
Computer (NMC), have been identified to support those subsystems.

1. The Network Monitoring Subsystem (NMSS)

The Network Monitoring Subsystem (NMSS) is the part 
of the CNMS that coordinates and controls the network's 
performance activities. 

The Network Monitoring Subsystem (NMSS) will collect
all of the network monitoring activity into one subsystem.
It includes what was formerly known as the Communications
Monitoring Subsystem (CMSS), and the functions for monitoring
the local hosts.


The components of the network to be monitored include:

(1) Communications Processors (IMPs)

(2) COINS Access Systems (CASs), i.e.,

Host Access Systems (HASs)

Terminal Access Systems (TASs)

Network Access Systems (NASs) (Gateways)

(3) Host Processors

(4) Communication circuits and associated equipment
including COMSEC devices

The NMSS software now is a subset of the on-line Network
Control Computer (NCC) software. The NCC (Honeywell
316) receives performance data from all IMPs on a timed
periodic basis, and prepares status reports of communication
network status that are printed on-line on the Logger
Model 33 Teletype attached to the NCC. The NCC also receives
diagnostic data from the network and produces reports
on the Summary Model 33 Teletype attached to the NCC.

The monitoring activity, currently limited to the 
IMPs, will be expanded to include the COINS Access Systems, 
the host processors, the status of interfaced networks, 
and the communications. Monitoring the COINS Access Systems 
will be accomplished directly with the NCC as with the IMPs.
Monitoring the host processors and interfacing networks
will be accomplished via the Host Access System (HAS) and
the Network Access System (NAS) respectively. The communications
monitoring will be accomplished through DECK ROOF.

Monitoring will include reports of throughput data as
well as status reports and error reports; e.g., transmission
errors, retransmissions, and unusual delays.

Figure 1 presents the general data flow for the COINS 
Network Management Systems. 

(a) Local host monitoring will monitor hardware,
software, and communications facilities associated
with a host. The monitoring will be performed in
real time, identifying faults and monitoring
operational thresholds so that they can be quickly
evaluated and corrected as needed. The purposes
of the local host monitoring activities are to
keep a status on the host resources, and to detect
malfunctions and to trigger corrective procedures.
The local host monitor functions will
be accomplished by the NCC and Host Access System.
Findings will be reported to the local host
manager and to the COINS Network Control Center.

(b) Communication Monitoring - DECK ROOF (or a
successor) will be installed in COINS to monitor
the T1 (TETRAHEDRON) network and COMSEC devices.
The design includes provision for special
monitoring information to be provided to the NMSS
(on an exception basis) of any COINS-related malfunctions
or other significant events.

DECK ROOF was started in response to a requirement
from the COINS PMO to NSA/T to develop
a real-time capability to monitor all T1 communications
facilities associated with COINS II and
report problems. The project was expanded by
NSA/T to include the monitoring of all NSA communications
facilities including COINS.

2. The On-Line Network Usage Information Subsystem (NUISS)

The On-Line Network Usage Information Subsystem (NUISS)
collects and integrates system logs for each host and
switch and tabulates information on usage, operating
performance, responsiveness, and reliability of COINS.

3. COINS User Reporting Subsystem 

The COINS User Reporting Subsystem will provide the 
mechanisms for users, managers, and system personnel to 
comment on their experiences with the COINS Network and its 
accessible resources, to suggest changes to the network and 
accessible resources, or to suggest new capabilities and 
services.

Included in the design concept is a mechanism to
assure that all comments and suggestions are responded to
by the responsible organizations.

Another facet of the design concept is to support
general and selective surveys to solicit comments. These
surveys will be conducted by the COINS PMO but the impetus
for such surveys may be provided by any organization related
to the COINS Network.

4. The Network Control Computer (NCC) 

The Network Control Computer (NCC) supports remote 
diagnosis and software maintenance. Diagnostic and statistical
data from each of the IMPs are automatically reported
to the NCC approximately every minute. When network degradation
is reported, background programs can retain control
of the network, isolate equipment failures from communications
line trouble, and perform many kinds of recovery.

From the Network Control Center, it is possible to reload
IMP software throughout the entire network. It also performs
and coordinates troubleshooting activities in COINS.

At present, the NCC operators use three different consoles 
to perform their operations and control functions. It is 
planned to automate these functions while operating from 
one console. 

The obsolete NCC H316 Computer will be replaced by a
BBN C/70 Processor.* At the time of the C/70 implementation,

*The C/70 is a processor based on the BBN Microprogrammable Building
Block (MBB) architecture. The BBN C/30, also called the MBB IMP,
will replace the H316 IMPs.

Approved For Release 2003/08/18 : CIA-RDP83T00573R000100140001-8 


extensions to the monitoring system will be initiated to
cover all COINS Network major components. Also, the monitoring
data will be transferred to the NMC for maintaining
a history file, developing trends, and providing management
reports. Concurrently with the BBN C/70 installation, all
network operations, diagnostics, tests, and corrective
action will be accomplished at a single integrated console.
The console will include CRT displays (graphic and alphanumeric)
as well as hardcopy output.

5. Network Management Computer (NMC) 

With the upgrading of the NCC Computer, a second 
BBN C/70 processor will be installed to process the moni- 
toring and throughput information, to collect and process 
the usage data in support of NUISS, and to collect, process, 
and retain information in support of the User Reporting 
Subsystem. The NMC will also be used to develop, test, 
validate, and verify software for the NCC and NMC and will 
function as a backup for the NCC. 

B. COINS Project Management 

COINS project management is described as management, operations,
and user support.

The management activities are: 

Program Planning and Budgeting 
Contracting and Contract Monitoring 
Inter-Agency Coordination 

Identifying User Requirements 
Configuration Management 

Serving on Various Community Committees and 
Ad Hoc Working Groups 

Developing, Implementing, and Monitoring 
Appropriate Security Procedures

The management activities are expected to change little in
the next five years and, therefore, the management staff will
remain relatively static.

The operations activities are: 

Operate and Arrange for Maintenance of the
Equipment Located in the CNCC: IMPs, NCC,
NMC, NSH, TTRF, and associated peripheral
devices.

Identify and Correct Network Faults. 

Maintain Accurate Status of the COINS Network 
and its Components. 

Coordinate Error Detection and Correction with 
Other COINS Participants. 

Maintain Physical Security of CNCC. 

Validate and Verify New or New Releases of 
Network Software and Hardware. 

Develop Procedures for All Aspects of Operations. 

The COINS Network is now operating 17 hours per day (0600- 
2300) Monday through Friday excluding holidays. It is planned 
to increase the operations staff and to extend the period of 
operations to 24 hours per day, seven days a week including
holidays.

The user support activities are:

Develop Training Courses.

Conduct Training Courses

Assist Users in Accessing COINS Resources 

Determine Courses for User Problems and Taking 
Corrective Actions 

Informing Users of New and Changed Resources 
and User Guides 

Coordinating Training Requirements with 
Participating Agencies 

With the addition of new users brought about by the increased
accessibility of COINS through TASs, new host computers (DODIIS)
and interfacing networks, the work load on the user support will
increase dramatically over the next two-three years. The situation
will be worsened with the addition of new hosts and their
attendant resources and different methods and procedures. The
situation will change little until 1986 when person-to-person
training will give way to the automated User Support Information
System using Computer Aided Instruction (e.g., CDC PLATO). It
is expected that the user support staff can be reduced at that
time.

II. LONG-RANGE OBJECTIVES

The goal of the CNMS is to provide timely accurate information
in a useful form to network managers: to perform the day-to-day
management of the network, to maintain a data base of performance
and usage data for trend analysis for short- and long-range planning
of qualitative and quantitative improvements, and to detect degenerating
conditions in the network.

The long-range objective is to develop and implement a fully
automated on-line system for the collecting, editing, analyzing, and
reporting network information. This information will be used by the
COINS PMO to monitor the network operations and performance, and to
assess the utility of the COINS II Network to the end users of the
COINS accessible services. Subsets of the information will be provided
to the agencies involved with the COINS PMO for their information,
evaluation, and action, and to support their resource management
and budgeting decisions. Further, it is an objective to automatically
perform fault diagnosis and fault correction to the maximum extent
practical.

It is recognized that this objective will not be achieved in a 
single giant step but rather will be achieved gradually over the years. 

It is also recognized that while incremental improvements are being
defined, developed, tested and implemented, existing procedures and
methods must be maintained in an operational status.

III. JUSTIFICATIONS 

Management is a priori requirement for a system as valuable and
complex as the COINS network. The network is both complex in its
operations and in the development of capabilities to satisfy the users'
needs. To eliminate or at least minimize the false or misdirected starts
in satisfying user needs, monitoring the qualitative aspects of COINS
accessible services is just as important as the quantitative aspects.
Timely and accurate information about the network, its accessible
services and user satisfactions is required to do the cost-benefit
analysis necessary to allocate scarce resources to improve existing
services, to increase capacity of existing services, and to provide
new services.

Failure to collect the needed information, to present it in
usable form, to analyze it, or to act on the acquired knowledge will
result in the deterioration of the existing services, ignoring user needs
by not improving or developing capabilities, or by providing inappropriate
capabilities or inappropriate changes.


The development program for the CNMS is in direct response to the
ASD(I) Review Group Report on the Evaluation of the COINS Experiment
dated 1 February 1973. The review group recommended that:

"Present COINS reporting procedures be modified to allow
the collection of statistics more amenable to permitting
evaluation of system usage, timeliness, and effectiveness.

The COINS Project Manager should be directed to submit a
plan for statistical reporting which would (a) identify
the objectives of such reporting (i.e., what must be
learned about the system), (b) the items of data to be
collected to satisfy the objectives, and (c) the analysis
to be performed on the data to provide the desired
information."

IV. FACTORS BEARING ON THE PLAN 
A. Facts 


1. Most of the service host computers are not owned by the
COINS PMO and, therefore, are not under the COINS PMO control.
As an alternative to the host reporting status data every n
seconds (the preferred mode), the local host status data
will be derived by sending appropriate messages to the host
system and evaluating the responses. These monitoring activities
will be accomplished by the NCC and the Host Access
Systems and preclude the need to modify the host computer
system to support COINS monitoring. A similar procedure may
have to be adapted for interfacing networks.

2. With regard to the monitoring of the TETRAHEDRON network
and COMSEC devices which are being monitored by the DECK
ROOF system currently under development, the NMSS must content
itself with that data which will be made available by
these developers and managers of DECK ROOF.

B. Assumptions 

1. It is assumed that the DECK ROOF manager will provide the
data necessary for NMSS to operate, control, isolate malfunctioning
components, and to inform users and managers of outages or
pending outages of all COINS major network components. If this
assumption proves false, a complete status of the COINS Network
may not be available and will reduce the fault isolation ability
of the CNCC.

2. It is assumed that the DODIIS hosts attached to the COINS
Network will be attached, monitored, and require the collection
of usage data the same as COINS hosts. If these host computers
are to be treated differently, the difference must be known
to reflect them in the design of the CNMS. See ISSUES, paragraph
IV.C. following.

C. Issues 

The COINS Network has been designated (at least informally) by 
DIA to be the Washington, D.C. area network for DODIIS. As such, the 
DODIIS hosts in the area will be attached to the COINS Network in the 
same fashion as COINS hosts; i.e., through a Host Access System. It 
is not known at this time if the CNMS will be required to collect, 
process and store the same type of information for the DODIIS
host systems as is planned for the COINS hosts. Also, it is not
known how many DODIIS hosts will be attached to COINS.

If this issue is not resolved, a choice must be made relative 
to how to treat the DODIIS hosts in the subsystems - the choice may 
be wrong necessitating redesign and reprogramming. 

V. APPROACH 

The approach to meeting the long term objectives of the CNMS will
be evolutionary because current systems and procedures must be maintained
in an operational mode as new hardware, software and procedures are developed
and implemented.

With the delivery and installation check out of the NCC BBN C/70, 
the IMP monitoring functions now accomplished by the H316 will be 
converted to the BBN C/70. Following the H316 to C/70 conversion, 
the monitoring will be extended to include the COINS Access Systems 
(HAS, NAS & TAS) and the server hosts that are attached to COINS 
with a Host Access System. Concurrently, arrangements will be made 
with DECK ROOF system to send communication and COMSEC status data 
to the NCC for integration with other network status data. 

Monitoring and throughput data collected by the NCC will be
passed to the Network Management Computer (NMC) for storage and
for analyses to determine if chronic problems exist or are developing
in any of the components, and to support trend analysis
of the components and sets of components. In the ARPANET,
processing of historical (longer than most recent 24 hours)
monitoring data is accomplished in the DEC PDP 10 computer at
BBN. These processes were never implemented in the COINS Network
because of a shortage of computer resources. With the
installation of the BBN C/70 as the NMC, the processing of
historical monitoring data and traffic data will be initiated
on the COINS Network. Also, the monitoring and traffic data
will be correlated with usage data to determine if a positive
correlation exists between usage and poor performance on any
set of major components in order to determine
and implement appropriate corrections.

B. Network Usage Information Subsystem (NUISS)

The first step in the evolution of the NUISS has been
started, i.e., the network usage information processing is being
moved from the IBM 370 system (not a COINS host) to the COINS
Network Service Host (NSH), PDP 11/70. The system logs are
still processed on the IBM 370, but some of the files extracted
from the logs are manually transferred to the NSH to prepare
the reports needed by the COINS PMO.

This migration will continue until all processing is accomplished
on the NSH including the initial processing of the
system logs. It is anticipated that all NUISS processing will
be accomplished on the COINS NSH by the end of FY 1981.

The feasibility of collecting the system logs automatically
from the COINS access systems has been demonstrated. The capability
will be implemented as the network hosts adopt the
COINS II Host Access System (HAS) as their network interface.
This transition will be completed by 1984.

Concurrently with the IBM 370 to NSH migration and implementation
of automatic log collection, a BBN C/70 micro-programmable processor
will be installed (end FY81) to perform the collection, processing,
storage and display for the CNMS including the NUISS. Beginning
in FY82, the processing for NUISS being done on the NSH will
be transferred to the BBN C/70 NMCS computer. The software development
for processing NUISS data on the NSH will be compatible with the
BBN C/70 and can be transferred with little difficulty after the
C/70 has been installed and checked out.

C. User Reporting Subsystem (URSS)

The User Reporting Subsystem does not exist in any structured 
way in COINS. A pilot system will be implemented during FY81 to 
evaluate the concept, establish the design characteristics of such 
a system, and to determine how it should be implemented. Assuming
the pilot system evaluation results in a decision to provide a User
Reporting Subsystem, an initial capability will be developed and 
implemented on the CNMC BBN C/70 starting in FY83. 
VI. STATUS AND PLANS

A. Network Monitoring Support System (NMSS)

Network monitoring is presently maintaining the status quo - no 
development effort is ongoing. A capability specification is 
being prepared for extending the monitoring to the COINS Access 
Systems and the server host computers. Current plans call for 
BBN to design and program the extensions for the BBN C/70, and 
to deliver the monitoring software with the hardware late in 
FY81. Likewise, a capability specification for the processing of 
network monitoring data comparable to the capabilities provided 
by the DEC PDP 10 computer at the BBN ARPANET Control Center, 
will be presented to BBN so that the software to process historical 
status and traffic data will be delivered with the BBN C/70 late 
in FY81. 

Enhancements to the NMSS will be developed in FY82 through 
FY84 to provide the host monitoring functions and further enhance- 
ments if experience indicates their need. 

B. Network Usage Information Subsystem (NUISS)

The processing of two major files, CUPA and LOST, has been
transferred from the non-COINS UNIVAC 494 (RYE/TIPS) to the COINS
Network Service Host (NSH). The host computer logs are collected
manually and processed to extract the CUPA and LOST files which
are then manually transported to the NSH where management reports
are prepared and displayed for information and action.
The next step is to move the processing of the manually collected
system logs to the NSH where they can be merged with automatically
collected system logs from the COINS Access Systems. This processing
of manually collected logs and implementation of the automatic
collection of the CASs system logs will be accomplished as the server
host computers convert to using the COINS Host Access System (HAS).
The conversion is planned for completion when WINDMILL attaches to
a HAS in FY84. In FY82, the NUISS will be transferred from the NSH
to the NMC.

During FY82 and FY83, the NUISS management reports will be
refined and expanded to take advantage of the graphics
capabilities available on the Network Service Host.

During FY84, the processing will be developed to correlate 
usage data with monitoring data. 

C. User Reporting Subsystem (URSS)

The pilot User Reporting Subsystem will be implemented in one 
or two Terminal Access Systems (TASs) in FY81 and be system 
evaluated throughout FY81 and into FY82. A capability specification 
for the URSS will be developed in FY82 and the system will be de- 
veloped for the BBN C/70 in FY83 and implemented starting in FY84. 

VII. RESOURCES & SCHEDULE 

The following tables show the funds that have been budgeted or
programmed and, for the out years, planned to develop, implement and
maintain the COINS Network Management System. The funds are those
required for procurement and contractor support. In-house resources
are excluded.

A. Network Monitoring Subsystem (NMSS)

                FY80   FY81   FY82   FY83   FY84   FY85   FY86

O&M              175    170    250    250    250    250    250
Procurement        —    400      —     50      —      —      —
RDT&E              —      —    200    200    200    150    150
TOTAL            175    570    450    500    450    400    400

                         1000's of Dollars


The FY80 and FY81 O&M funds are those required to maintain 
the hardware and software for the existing NCC H316. The O&M 
funds for FY82 through FY86 are to maintain the hardware and 
software for the NCC BBN C/70 and the NMC BBN C/70. 

The FY83 procurement funds are to purchase a console for the 
integrated display of monitoring data in the CNCC. 

The procurement funds (FY81) are for the purchase of two 
BBN C/70 hardware and the network monitoring software for the 
NCC C/70, and the software to process the historical monitoring 
data for the NMC C/70. The RDT&E funds in FY83 through FY86 
will support enhancements to the NMSS, develop software for the 
CNCC integrated display, and to develop automated diagnostic and 
fault correction routines and to develop validation and verification
software for the CNCC. The RDT&E funds in FY82 are to
develop software for correlating monitoring and usage data on the
NMC.

B. Network Usage Information Subsystem (NUISS) 



                FY80   FY81   FY82   FY83   FY84   FY85   FY86

O&M               20    100    100    120    120    120    120
Procurement        —      —      —      —      —      —      —
RDT&E            250    150    100    120    120    120    120
TOTAL            270    250    200    240    240    240    240

                         1000's of Dollars




The O&M funds are to maintain the software for the NUISS. The
RDT&E funds for FY80 and FY81 are to transfer the NUISS processing from
the IBM 370 to the COINS Network Service Host (NSH) PDP 11/70 and to
implement the automatic collection of system logs from COINS Access
System. RDT&E funds in FY82 will support the transfer of NUISS from
the NSH to the COINS Network Management Computer (CNMC), BBN C/70.

RDT&E funds for FY84 through FY86 will be for the development of
reaction reporting on a real-time basis.
C. User Reporting Subsystem (URSS)

FY80   FY81                           FY85   FY86

                                        60     60
                                       120    120
                                       180    180

             1000's of Dollars


The development of a pilot URSS will be accomplished under the
Man Machine Relationship Program which is funded by the DOD
Advanced Research Project Agency (ARPA). See Annex C, Network
Development.

The RDT&E funds (FY83-FY86) are to develop, implement, and
enhance the operational URSS following the pilot system evaluation.

D. Total COINS Network Management System (CNMS)


                FY80   FY81   FY82   FY83   FY84   FY85   FY86

O&M              195    270    350    370    430    430    430
Procurement
RDT&E            250    150    300    520    440    390    390
TOTAL            445    820    650    940    970    820    820

                         1000's of Dollars


Approved For Release 2003/08/18 : CIA-RDP83T00573R000100140001-8 

E. COINS PMO Staffing

The resources for the COINS PMO are shown in terms of the
in-house staff requirements rather than dollar resources.



                FY80   FY81   FY82   FY83

Management         8      8      9      9
Operation          8     11     15     15
User Support       6      8     12     15
TOTAL             22     27     36     39

                  Staff Years per Year
I. DESCRIPTION

Resources as used here include the hardware and software that are
provided to the servers and users of COINS by the COINS PMO. Included
are the Interface Message Processors (IMPs), the interfaces between
the IMPs and host computers, the Terminal Access Systems (TASs), the
interfaces to other networks, and the software resident in the suite
of hardware.

Presently the interfaces between the IMPs and host computers
consist of an Intelligent Network Interface (INI) for the RYE system 
at NSA, a Front End Processor (FEP) for the SIGINT On-Line Information 
System (SOLIS) at NSA and a Host Access System (HAS) for the New 
Data System (NDS) at NPIC. See Figure 1. The INI and FEP use DEC 
PDP 11/40 computers with the ELF operating system. The HAS uses a 
DEC PDP 11/70 computer with the UNIX operating system. It is planned 
that all host computer interfaces will be standardized on the DEC 
PDP 11/70 UNIX HAS architecture when the WINDMILL computer assumes the 
RYE and SOLIS functions. 

In addition to the preceding hardware, the COINS PMO provides 
Private Line Interfaces (PLIs) to allow the use of ARPANET as a back- 
bone communications network to gain access to the COINS network. A 
PLI is installed at IPAC and one has been purchased and is scheduled 
for Lawrence Livermore Laboratories (LLL) in FY81. 

The communications lines — TETRAHEDRON in Washington, D.C. area 
and leased or ARPANET elsewhere — are not provided by the COINS PMO. 

The hard wire communication between IMPs and TASs, and between IMPs 
and host computer interfaces are provided by the COINS PMO. 
FIGURE 1

CURRENT COINS HOST COMPUTER INTERFACE
The software provided and maintained by COINS PMO includes those
programs resident in the front ends, access systems, IMPs, and PLIs
that implement the basic services of those hardware devices and programs
to provide special services directly to the users. These special
services as envisioned today include a common query language (presently
ADAPT), a User Support Information System (USIS), a text editor, a
data base management system to provide a home for data files of community
interest that cannot be made available on another COINS host
computer, mail and message services, teleconferencing, local personal
file storage, and data manipulation capabilities.

Some of these may be resident in one or more COINS host computers. 
Others may be made available in COINS Access Systems, or COINS PMO 
sponsored host computers. Notable among the latter is the User Support 
Information System. A host computer to adopt homeless files could be
provided by the COINS PMO or another participating agency if unused 
capacity were available on the host. 

Following are brief descriptions of the COINS PMO provided hard- 
ware and software resources. 

A. Interface Message Processors (IMPs)

The IMPs are the packet switches to internet the host com- 
puter and COINS Access Systems on the COINS network. The IMPs 
are owned and controlled by the COINS PMO as are the programs 
residing in the IMPs. 
B. Host Interfaces

The Intelligent Network Interface (INI) and a Front-End
Processor (FEP) — both DEC PDP 11/40s with the ELF operating
system — serve as the COINS Network interface for the NSA RYE
and SOLIS systems respectively. The INI and FEP will be replaced
with a COINS Host Access System (HAS) when the WINDMILL computer
takes over the RYE computer functions. At that time, WINDMILL
will house both RYE and SOLIS systems.

C. COINS Access System (CAS) 

The CAS is an umbrella name for Host Access System (HAS)
which is the interface between a host computer and COINS, Terminal
Access System (TAS) which is the interface between terminals
and COINS, and Network Access System (NAS) which is the interface
(gateway) between another network and COINS.

The CASs and most of the resident programs are provided and 
controlled by the COINS PMO. All TAS software is under COINS 
PMO control, all HAS software including that part required to 
interface with the host computer is controlled by the COINS PMO, 
and the COINS half of the NAS is controlled by the COINS PMO. 

D. ADAPT 

ADAPT eliminates the requirement for users to learn and
use the query language for each host computer system they have
need to access by providing a common query language. The
common query language is transformed into the query language of
the host computer being accessed, and the query response is prepared
for display to the user. The user has the option to use the
standard language or the target system language. Batch and
interactive modes are available through ADAPT.

E. User Support Information System (USIS) 

USIS is the central automated repository of all information 
concerning the resources on COINS that are available for users, 
and how these resources can be used. All user guides for files, 
query languages, and other resources (e.g., USIS, ADAPT, Text 
Editors, and host computers) will be available in USIS and acces- 
sible via COINS for training and user reference. 

The key characteristics of USIS are user profiles, guides
and training aids, authoring and a thesaurus. User profiles
record, for each registered user, areas of interest relative
to the resources available via COINS. The profiles are used to
automatically inform the users of changes in various guides.
The guides are the many on-line publications that provide information
for accessing and using the available resources. The
training aids provide sample uses (sample queries for example)
of the resources, and provide lesson plans for training the
user not familiar with a particular resource. Authoring provides
the mechanisms for the responsible individuals to prepare the
user guides on-line. The mechanisms are constructed such that
the format of guides is standardized and, therefore, easier to
understand when many guides must be learned. The thesaurus provides
a cross reference of data element names and codes as they
are used in the many files of the sponsoring agencies. The
thesaurus in this regard is an interim measure to alleviate the
problems brought about by the lack of data element standardization.

F. Other User Services

One or more text editors will provide the users with the
capability to prepare and modify documents on-line. This capability,
coupled with mail and teleconferencing, facilitates
coordination and collaboration when the originators of an intelligence
product must coordinate or collaborate with geographically
dispersed participants. Using the COINS Network for product
production is more efficient than the mails or travel.

Local, personal file storage and data manipulation capabilities
provide needed services to users who access COINS through
a TAS and must rely on COINS accessible resources for all such
services.

II. LONG RANGE OBJECTIVES 

The long range objectives are to provide the servers and users
needed hardware and software support that is more cost-effective for
COINS PMO to provide than another member organization. Further, the
COINS PMO will endeavor to supply these resources in such a way so as
to encourage the use of the valuable resources accessible on the COINS
Network.

The sponsoring agencies are encouraged to provide and maintain
resources for COINS users when it is more cost-effective than can be
achieved by the COINS PMO. The provision of text editing, for example,
may be better provided by all agency host computers and made available
to COINS users who need the service. However, no plans exist for the
COINS member agencies to extend text editing or other services, except
for processing and responding to file queries, to users via the COINS
Network. Many resources will be supplied by the COINS PMO because
many COINS users access the host computers via TASs and the only computer
resident resources available to them are those offered on the
COINS Network.

To achieve the long range objective of cost-effective support,
the COINS PMO plans to provide standardized access system hardware 
and standardized protocols for gaining access to any resource available 
via COINS. Standardization will lead to cost-efficiency in resource 
acquisition and maintenance. A single access command language will 
allow a user to access any COINS resource. 

A. Interface Message Processor (IMPs) 

The IMPs will be upgraded from the current Honeywell H316 
processors to the new BBN C/30 microprogrammable processor. The 
current H316 processors are obsolete and are becoming more diffi- 
cult and more costly to maintain. Software for the IMPs will be 
centrally maintained in the COINS Network Control Center and will 
be downstream loaded to the IMPs. 

B. COINS Access System (CAS)

The network interfaces now being used for RYE and SOLIS at
NSA and the IDHSC gateway at DIA will be replaced by Host Access
Systems and a Network Access System respectively. Standardizing
the COINS access also makes possible a common mechanism to control
access to the COINS network and available resources.

The long range plan for the COINS CAS is to limit their
functionality (where practical) to providing and controlling
access to the COINS Network. All CASs — Host Access (HAS), Terminal
Access (TAS), and Network Access (NAS) will provide for
bilateral communications between their respective components, 
for access controls required for COINS Network security and for 
a precedence/priority system for use when the COINS Network or 
an accessible resource becomes overburdened. The COINS PMO plans 
to achieve and maintain uniformity of the COINS Access Systems 
and to provide and control the CASs and the software — for which 
the COINS PMO is responsible — for accomplishing the functions of 
the CASs. 

Uniformity of hardware and software will minimize the cost 
of software development and maintenance and provide for downstream 
loading of software from the COINS Network Control Center. Uni- 
formity is necessary for maintaining configuration control over 
the software resident in the CASs. 

C. Service Host 

The COINS PMO service host computers in the long term will
be attached to the network in the same fashion as other agency
host computers; i.e., with a HAS. Where practical, the services
now supported by the TAS that are required to support users who
enter the network via a TAS will be moved to one or more COINS
PMO service host computers or the service host computers of
other participating organizations.

The COINS PMO Network Service Host (NSH) currently installed
on the COINS Network is being used for COINS PMO purposes — software 
development, TAS backup, software testing, and processing usage 
information. When the BBN C/70 processor takes over usage data 
processing and the User Information Support System (USIS) is 
moved to a USIS dedicated PDP 11/70 (end of FY82), the NSH will 
be used to supply services for users. 

D. ADAPT 

The development of ADAPT to provide a uniform information
retrieval language is aimed at eliminating barriers to the use
of the information available on the many COINS host computers
that result from the need to learn many retrieval languages.
ADAPT will go through incremental improvement cycles based on
user experience with each successive revision of ADAPT.

E. User Support Information System (USIS) 

USIS will, in the long term, become part of a computer-aided 
instruction system to provide COINS users with high quality 
instruction at their home work stations. At that time it is 
expected that the courseware for COINS users will be prepared 
by professional instructors who are knowledgeable in the resources 
being covered. The instructors of the several intelligence 
schools are likely candidates for courseware development. The
COINS PMO will be responsible for developing instruction programs
to teach how the COINS Network is accessed and to teach the users
how to use any unique services that are provided by the COINS
PMO.

The CAI version of USIS will maintain records of student 
achievements to measure the students' progress and to provide 
information for use in evaluating the effectiveness of the 
lessons and instructional material. 

F. New Protocols 

The ASD(C3I) has directed all DoD computer networks based on
the packet switch technology to adapt the standard DoD Transmission
Control Protocol (TCP) for host-to-host communication and
the standard Internet Control Protocol (IP) for communications
between computer networks. The COINS PMO plans to adopt these
protocols after they are evaluated in a test bed environment to
determine the impact they may have on throughput and to determine
if other software should be modified to minimize any detrimental
impact that the protocols may have.

The need for a general File Transfer Protocol (FTP) will 
be investigated and if one is needed, it will be adapted from 
an existing FTP or a new one developed for implementation in 
COINS. The purpose of the FTP is to provide a mechanism for 
effective and efficient large volume data transfers from a host 
to another host or to an access system that provides file
services. The purpose of an FTP is not to provide for replicating
files or large sections of files on various processors
to satisfy users' desires to have their private data bases.
Clearly, this would defeat the reason for COINS inception;
i.e., sharing information that is maintained by the single
agency responsible for the completeness, accuracy, and timeliness
of the information.

G. Network Virtual Terminal (NVT) 

The COINS PMO will implement a Network Virtual Terminal to 
provide for handling a wide range of user terminals on the net- 
work. The NVT will translate the individual terminal character- 
istics into the NVT representations at the processor closest to 
the terminal (e.g., TAS) and will translate from the NVT repre- 
sentation to the individual user terminal characteristics. At 
the server end of the communication (e.g., HAS) the NVT representation
will be translated into terminal characteristics of a
terminal type that is serviced by the host computer system and
vice versa. Using the NVT protocols, a wide range of terminal
types can be used for accessing COINS resources without the need
for each host to implement terminal handling software for each
type of terminal.
H. Priority/Precedence

A priority/precedence system will be implemented in COINS
to assure that users involved in crisis situations are given the
best possible service within the COINS. Presently, all users
have equal priority and precedence whether they be trainees or
NMIC Watch Officers.

The priority/precedence system will be implemented in the
COINS Access Systems (CASs). In this way all network access to
all resources on COINS can be controlled; however, the COINS
priority/precedence system cannot govern user access that is
made directly to the host computer.

III. JUSTIFICATION

The provision of the capabilities to share intelligence information
among the users within the intelligence community is the keystone
of the COINS charter. These basic capabilities (resources) are provided
through an assemblage of Interface Message Processors (IMPs),
the communications between the IMPs, COINS Access Systems, and the
procedures and software needed for their proper functioning.

To this basic set, resources of community interest have been
added to support the efficient exchange and processing of information,
and to provide a system for COINS user support. The need for these
resources is not the consequence of a single agency's action, but is
the consequence of all participating agencies collectively. For this
reason, the User Support Information System and ADAPT are being
developed to address the global problems of COINS user training and
the multiple query languages respectively. Likewise, a file transfer
protocol, network virtual terminal, and priority/precedence are network-wide
solutions to problems that are brought about (at least in
part) by the network.

A network-wide mail/message service and teleconferencing can be 
implemented in the several host computers, the COINS Access Systems
or some of both. Implementation in the COINS Access Systems is planned 
whether or not they are implemented elsewhere. It will be less costly 
because the services need only be developed once and replicated in 
the standard access systems. Implementation in the several host com- 
puters, even if all affected agencies agreed, would require separate 
development, implementation and maintenance for each host. 

Further, the COINS PMO has provided, and is planning on expanding,
services to users who access COINS via a TAS. The storage, processing,
manipulation, and display of retrieved information for this group of
users is limited to the services provided on COINS by the COINS PMO
or to those that can be accomplished manually, unless the hardcopy of
the retrieved data is entered into another computer available to the
user that can process Top Secret SCI information. Since some COINS
users who have need to access, retrieve, and process intelligence data
are members of agencies outside the intelligence community and the
Department of Defense, COINS is the only source for automated storage
and processing of retrieved classified data.
Justification for the provision of a host computer and DBMS to
make available data files of community interest that cannot be made
available on another COINS host is dependent on the number of such
files and the amount of interest in accessing the data. COINS PMO 
will only provide this service if the number of files and amount of 
interest justify their COINS accessibility, and no other COINS host 
has excess capacity. 

IV. FACTORS BEARING ON THE PLAN

A. Factual 

1. DIA has indicated that the COINS will be the Washington,
D.C. area network for DODIIS. This will require a Host
Access System for each DODIIS computer to be attached to
COINS. The number of such hosts has not been determined,
and therefore, program planning and budgeting cannot be
accomplished. Also, it is not known to what extent the
DODIIS system guides, file guides, etc. must be included
in USIS.

2. During the transition of IDHSC to AUTODIN II, a gateway
between IDHSC and AUTODIN II will not be developed. COINS
will provide the communication link for AUTODIN II subscribers
to access IDHSC hosts and vice versa. COINS must
provide sufficient capacity at both gateways to handle the
traffic until the transition of IDHSC to AUTODIN II is
completed.
3. The Network Control Protocol (NCP) currently being used
in COINS will be replaced with the DoD standard Transmission
Control Protocol (TCP4), and the DoD standard Internet Protocol
(IP) will be implemented in COINS. The impact of
these changes must be assessed to determine if other COINS
software must be modified to accommodate the new protocols
and maintain efficient operations. Initial indications
are that a different version of the UNIX operating system 
may be required by the COINS Access Systems — TASs, HASs, 
and NASs. Also, the NCP of the ELF operating system based 
INI and FEP will not be changed to TCP4. A method must
be developed to allow the coexistence of NCP and TCP4/IP 
in COINS. 

4. There is no precedence/priority system in COINS. In 
the event of a crisis resulting in a heavy load on one or 
more COINS resource or host computer, there is no mechanism 
whereby the users who have the critical need for service 
can be given preferential treatment. 

B. Assumptions 

1. The DODIIS computers to be attached to COINS will be
COINS hosts; i.e., be interfaced with a COINS Host Access
System and use the COINS protocols. See paragraph IV.A.1,
preceding. If these hosts are not interfaced via a HAS or 
other protocols are implemented, special arrangements must 
be made for their attachment to COINS. 
2. Users who access the COINS from a TAS will require
COINS-provided special services for the storage, processing, 
and display of retrieved data. Also, services provided for 
universal use that can be provided more cost-effectively 
by COINS will be developed and implemented by the COINS 
PMO. 

If this assumption is false, development programs and 
contracts must be curtailed depending on the inaccuracy of 
the assumption. 

C. Issues 

The number of DODIIS hosts to be attached to COINS is not 
known. The number of hosts and the schedule for joining COINS 
must be established in order to plan, program, and budget for 
the hardware and software acquisition. The delay in establishing 
the number and schedule could result in unacceptable delays in 
attaching the hosts to COINS and delay the transition of IDHSC 
to AUTODIN II. 

V. APPROACH 

The approach to meet the long term objectives of the COINS PMO 
is to evolve modularized hardware and software for the IMPs, COINS 
Access Systems, and COINS PMO Service hosts so that functions may be 
changed, added or deleted on any component easily with minimum impact 
on the component and other components in the network. The functional 
description of the COINS presented in Part II, COINS Architecture,
will provide the basis for modularization. 

This approach will provide for the addition, modification or
deletion of functions on a universal basis (e.g., all access systems),
a subset (e.g., all terminal access systems), or on a single component
(one access system). In this way components can be tailored to meet
specific requirements without sacrificing the advantages of standardization.

As mentioned, the approach is evolutionary, and probably will 
not be completely implemented until the end of the 1980’s. To accom- 
plish the degree of modularity required, hardware and software must 
be implemented whose architecture is supportive of modular implementa- 
tions of the required functions. 

A. Interface Message Processors (IMPs) 

The functionality of the IMPs has remained static since the
packet switching technology was adapted for COINS. There are no
plans to change the functions being performed by the IMPs. The
Honeywell H316 processors will be replaced by BBN C/30 processors.
The BBN C/30 is the smallest system available in the BBN microprogrammable
Building Block line of computer systems. If the
functions assigned to the IMP were increased, the C/30 capacity
and capability could be easily enhanced to accommodate the
increase.
B. COINS Access Systems (CASs)

Of all the components of COINS, the COINS Access Systems
will benefit most from a modular/functional approach to accomplish
the delivery of COINS network services. The Terminal
Access System (TAS) as presently configured, is a relatively
large DEC PDP 11/70 system at approximately $250,000 per copy
for hardware. The number of TASs will increase from two to six
over the next two years and perhaps more in later years, but no
firm projections have been made. The current TAS is configured
to provide many services beyond those required for terminal
access and its configuration does not easily support tailoring
each TAS to the needs of the organizations and individual users.
Ideally, each service (or perhaps logical subset) would be main- 
tained in a standard configuration and provided to those access 
systems that have need for it. Likewise, any special hardware 
for a service would need to be part of the TAS only if the ser- 
vice was installed. The general purpose hardware, e.g,, memory 
and processing power and terminal ports, would be sized for each 
TAS installation. The modular approach to network services will 
provide for structuring a minimum TAS (hardware and software) 
when only terminal access support is needed, and will provide 
for a TAS that looks more like a service host, if such is re- 
quired, without losing control of the configuration of the hard- 
ware and software and still take advantage of reduced costs 
afforded by standard hardware and software acquisition and main- 
tenance. 
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Even If hardware cost becomes sm insignificant part of 
the total cost, a functional modular approach to the hardware, 
and software architecture will minimize the. impact of software 
changes in one function on other functions, and will facilitate 
the changing of software to firmware and vice versa when de- 
sirable. 

The same advantages apply to the Host Access Systems (HASs) 
and Network Access Systems (NASs), but perhaps not to the same 
extent. To date, only one HAS has been installed and, although 
a gateway exists between IDHSC and COINS, it is not a COINS 
standard. With such little experience, the functions that may 
be optional for a HAS or NAS cannot be known with much confidence. 
In some instances, however, a HAS may also provide for terminals 
to access the COINS network through the HAS. This will require 
some of the TAS services and hardware to be installed in the HAS. 

Similar situations may prevail with the NAS. It is expected 
that the need for a modular NAS will be clear if the envisioned 
local office networks with wide variations in their capabilities 
and protocols are attached to COINS via NASs. Some with a rich 
assortment of services will use a minimal NAS; with others the 
NAS may be the best location to provide needed services normally 
associated with a TAS. 

The NAS design in total requires collaboration with the 
gateway designers of the other network. It is not clear if the 
COINS PMO should be responsible for developing software to 
translate from COINS to what is expected by the other network 
or to translate from other into COINS, do both or neither. The 
assigned responsibilities (to COINS PMO and other networks) will 
most likely be different for different networks. 

The first steps in the evolution to a modular architecture 
for hardware and software will be to upgrade all COINS host interfaces 
to standard Host Access Systems, to provide a functional 
description of the NAS, and to develop a design for the COINS 
half of the system. Many functions (at least at the less detailed 
levels) for all access systems are the same; for example, access 
control, monitoring and usage reporting. For this reason, a 
functional description of each access system will be prepared 
in order to select a single hardware architecture to satisfy 
all COINS Access Systems. 

Once an architecture has been established and the basic 
design is developed, suppliers can be identified to provide the 
standardized, modular hardware and software. 

Further, if the downward trend of hardware cost continues, 
the implementation of redundant CASs will be considered to improve 
reliability especially for hosts access systems and network access 
systems. 

C. Service Hosts 

With the implementation of the User Support Information System 
(USIS) on a dedicated computer in FY82 and the transfer of 
the Network Usage Information Subsystem (NUISS) to the Network 
Management Computer in FY82, the Network Service Host (NSH) will 
be free to offer services to users. The NSH will initially provide 
the capabilities for users to keep personal files and perform 
text editing functions on the personal files. As a follow-on, 
a Data Base Management System (DBMS) will be installed on the NSH 
for local file retrieval and data manipulations. 

In addition to the NSH, the installation of the CIA RECON 
host will provide for implementing files of community interest 
that are sponsored by agencies that do not sponsor a host on 
COINS. It is expected that the CIA RECON host will be installed 
in FY85 although a schedule has not been established. 

D. ADAPT 

ADAPT II will be ready for evaluation beginning in FY81. 
It will be installed on one or more TASs for use by the persons 
supported by the TAS and by COINS PMO personnel. The evaluation 
is expected to be done over a 12-month period. During the evalua- 
tion, minor changes will be made to enhance the utility of 
ADAPT II. 

During the evaluation a specification will be prepared for 
ADAPT III based on user experience with ADAPT II and identified 
additional capabilities. ADAPT II will continue to be used in 
an operational environment during the development of ADAPT III 
which will be evaluated in a fashion similar to ADAPT II. 

E. User Support Information System (USIS) 

A USIS pilot system will be installed on a DEC PDP 11/70 
computer in the COINS PMO. The pilot system will be used during 
FY81 to assess its benefits and to develop a specification for 
a production model of USIS (USIS-I), assuming that the USIS 
benefits can justify the cost of its development. The development 
of the production model will take place during FY82 and 
FY83. 

USIS-I will not include an on-line computer-aided instructional 
(CAI) system. The incorporation of USIS into a CAI system 
will be considered during the USIS-I evaluation when a 
suitable CAI system can be identified for use on the COINS Network. 
At this time, it is not clear if USIS will be complemented by a 
relatively simple CAI system or if USIS will become one application 
on a highly sophisticated system such as PLATO. 

F. New Protocols 

1. Transmission Control Protocol and Internet Control 
Protocol (TCP/IP) 

The first step in adapting the DoD Standard TCP/IP is 
to develop a test bed to assess the impact of the new protocols 
on the throughput on the COINS Access Systems, and 
to identify any needed changes in other CAS resident software 
— notably the UNIX operating system. 

Concurrently with the design of the test bed, the 
throughput of the present Network Control Protocol (NCP) 
access systems will be benchmarked to provide a basis for 
the impact analysis. 

During FY81, tests will be run with TCP/IP and the 
version of UNIX presently being used in the COINS Access 
Systems to make throughput measurements and to identify any 
bottlenecks. The tests will be repeated with modifications 
in UNIX or other access system software to determine to 
what extent the throughput can be increased and the bottle- 
necks can be eliminated. 

Assuming acceptable throughput can be achieved, the 
TCP/IP protocols will be installed in the COINS Access 
Systems in the latter part of FY81. 

Associated with the TCP/IP impact analysis and installation 
are an impact analysis using TCP/IP and the Kernel 
Secure Operating System (KSOS), and the development of a 
mechanism to provide for the coexistence of NCP and TCP in 
the COINS. These activities are presented in Annex C, COINS 
Network Development Summary. 

2. File Transfer Protocol (FTP) 

A study will be performed to determine the requirements 
for an FTP. There is no recognized need for an FTP to support 
users of COINS in the current mode of operations for COINS; 
i.e., query-response activity. However, the DODIIS hosts 
to be added to COINS may have need to transfer large amounts 
of information to other DODIIS hosts. Also as COINS evolves 
to provide services beyond query-response, an FTP may be 
required. 

An FTP is now operating in COINS, but it is limited to 
transfer between DEC PDP 11 processors. If the study reveals 
a need for an FTP for other COINS hosts, either an 
existing FTP (ARPANET FTP for example) or a new FTP will 
be developed. 

G. Network Virtual Terminal (NVT) 

The different types of terminals that should be accommodated by 
the NVT and the characteristics of the NVT and where the translations 
from real terminal to virtual terminal and vice versa are under study. 

It is planned at present to implement COINS NVT in the UNIX 
based COINS Access Systems. Implementation of NVT for all hosts then 
will not be completed until the WINDMILL computer uses a Host Access 
System to connect to COINS - now scheduled for mid-FY1984. NVT could 
be implemented in TASs and the Host Access System for NDS to provide 
a richer assortment of terminals to access NDS. However, the TAS 
terminals (other than TTY Model 40) could not access RYE, SOLIS or 
DIAOLS because the NVT would not be recognized by the front ends or 
gateway respectively. This limited increase in flexibility for TAS 
users will not justify starting the development of a COINS NVT. 

The specification development for a COINS NVT will be undertaken 
in FY83 with a phased implementation starting in the second half of 
FY84. By FY83, NVT developments for networks to which COINS will 
interface (PLATFORM and AUTODIN II for example) should be far 
enough along so that the COINS development can take advantage of 
the ongoing or completed developments. Also, the COINS NVT translation 
requirements for other network NVTs will be known. 

H. Priority/Precedence 

The priority/precedence system will be defined for COINS 
after similar systems resident on the other networks with which 
COINS will interface are studied and evaluated. To the extent 
that the COINS system differs from others, a translation must 
be made at the gateways for the other networks. The problems 
that may exist in assuring uniform treatment when multiple networks 
are involved in the source-destination channel are not 
known. The procedures for the priority/precedence system will 
be spelled out and coordinated with all agencies involved before 
the system is designed and implemented. 

The system will be implemented in the COINS Access Systems. 
This will assure uniform treatment within COINS and will not 
involve the host systems in the system development and implementation. 
Also, the system need be developed once and replicated in 
all standard COINS Access Systems. 

VI. STATUS AND PLANS 

The status of the COINS Network Services ranges from completely 
operational to undefined. COINS II is an operational network and has 
completely replaced the central switch of COINS I. All traffic within 
COINS is now passed via one or more IMPs from origination to 
destination. 

The ARPANET-COINS interface experiment to determine the feasibility 
of using the ARPANET as the long haul communications net between PACOM 
and COINS is still considered to be in a test phase. PACOM, however, 
is using the connection to submit queries and receive responses in 
support of their operational needs. 

The same techniques that are employed in the PACOM-COINS test 
will be implemented to give Lawrence Livermore Laboratories (LLL) 
access to COINS in an operational mode. The LLL access is scheduled 
for mid-FY81. 

A. Interface Message Processors (IMPs) 

The Honeywell H316 IMPs will be replaced by the BBN C/30 
processors starting in mid-FY81 and phased to the end of FY83. 
A BBN C/30 has been installed in the COINS network and was shown 
to be plug-to-plug compatible with the H316. 

Five H316 COINS IMPs are now operating — one at DIA, one at 
NPIC, one at NSA, and two at the COINS PMO, plus the BBN C/30 
in the COINS PMO. In addition to replacing the H316 IMPs, two 
new C/30 IMPs will be installed in mid-FY81 — one at NAVINTCOM 
and one at the State Department to support TASs. 

B. COINS Access Systems 

The COINS Terminal Access System (TAS) has been operational 
since FY78. Three TASs are now operating — one at PACOM and two 
at the COINS PMO. During FY81, four more TASs will be installed — 
one each at NAVINTCOM, State Department, DIA, and LLL in that 
order. 

Presently, one COINS Host Access System (HAS) is installed 
at NPIC to interface the NDS to COINS. The second HAS will be 
procured in FY82 and will be installed for the WINDMILL computer 
at NSA in FY84. 

Three COINS Network Access Systems (NASs) are planned for 
interfacing the IDHSC, AUTODIN II, and PLATFORM networks to 
COINS. The IDHSC and PLATFORM NASs are planned for implementation 
in early FY84. Implementation of the NAS to interface 
AUTODIN II and IAIPS to COINS has not been scheduled. 

C. ADAPT II 

ADAPT I was developed to demonstrate the feasibility of the 
approach taken to address the multi-retrieval problem. 

ADAPT II is being developed and will be installed in early 
FY81. Following its installation the system will be evaluated 
relative to the user interface, the utility of provided capa- 
bilities to users, and the efficiency of operation. 

Based on this evaluation a specification will be prepared 
during FY81 for development of ADAPT III during FY82. ADAPT III 
is planned for delivery at the beginning of FY83 and will be 
evaluated during FY83. 

D. User Support Information System (USIS) 

The pilot USIS will be implemented on COINS PMO DEC PDP 11/70 
at the end of FY80. An evaluation program to be undertaken during 
FY81 will culminate in a specification for USIS-I, which will be 
developed during FY82 and FY83. An investigation will be started 
in FY83 to determine if a computer-aided instruction (CAI) system 
would be a useful, cost-effective adjunct to USIS. If it is 
determined that a CAI system should support USIS, a development 
effort to incorporate USIS in a CAI system will be undertaken 
in FY84. 

E. Network Service Host (NSH) 

The PDP 11/70 currently designated as a network service 
host has been used to develop software and to support the COINS 
Network Management System (Annex A), and it will continue in 
these roles through FY82. Beginning in FY83, the PDP 11/70 will 
be available to support users with an editing capability and 
provide for the storage of user files. These services can be 
supported by software currently available on the PDP 11/70. 

In FY83 a Data Base Management System (DBMS) will be selected 
and installed on the network service host. The selection will 
be based on an evaluation of how well the DBMS that are available 
for PDP 11 systems satisfy the perceived needs of the users to 
be supported and the cost of acquisition and maintenance. 

F. New Protocols 

1. Transmission Control Protocol and Internet Control 
Protocol (TCP/IP) 

The study to determine any detrimental effects of implementing 
the DoD standard TCP/IP in the UNIX based COINS Access 
System will be undertaken in FY81. The effort will start in 
FY80 with the preparation of a test bed design and a plan 
for accomplishing the study. 

Assuming no major problems are encountered during the 
study, TCP will be implemented in the UNIX based Access 
System in FY82. 

If major problems are discovered, implementation will 
be delayed until the problems are solved. The delay will 
be determined by the nature of the problems and availability 
of resources to address them. 

2. File Transfer Protocol (FTP) 

A file transfer protocol, furnished by DEC for PDP 11 
computers, is being used by COINS to transfer system logs 
from the COINS Access Systems to the NSH computer. This 
FTP is only usable between two PDP 11 systems. 

The study to determine the need for a general FTP will 
be undertaken in FY83. If the study shows a generalized 
FTP is needed, a survey of available FTPs will be made to 
determine if an existing FTP can be used by COINS or adapted 
for COINS. If an FTP must be developed for COINS, it will 
take place in FY84. 

G. Network Virtual Terminal (NVT) 

An interim report on an NVT study was completed in November 
1979. This study estimated the cost for developing a highly 
flexible NVT would range from $1.8 million to $2.7 million. 
Because an NVT would not be of significant value to COINS users 
until all resources were accessible using an NVT, the start of 
an NVT program will be delayed until FY83. It is expected that 
other NVT developments now planned or in progress will be usable, 
at least in part, and will reduce the cost of a COINS NVT significantly. 
Also, the NVTs now being considered for IDHSC, AUTODIN II 
and PLATFORM, will be firm enough to provide a firm specification 
for translating between the COINS NVT and other network NVTs. 

In FY83 the NVT for COINS TASs and HASs will be specified. 
The development effort will take place in FY83 and FY84. Implementation 
will be accomplished by the end of FY85. 

The NVT for COINS Network Access Systems (NASs) will be 
included in the designs for those gateways. The design for the 
IDHSC and PLATFORM NASs will start in FY83 and be implemented 
in FY84. The AUTODIN II NAS design is not scheduled. 

Presently, the TTY Model 40 teletype is a de facto NVT in 
the COINS Network. The Delta Data terminals on NDS and other 
types of terminals on the NSH are made to appear as TTY Model 40 
when they enter the COINS Network. The same approach is being 
taken for the HP 2645 terminals at NAVINTCOM. 

H. Priority/Precedence 

The study of the priority/precedence systems used in the 
network that will interface COINS (AUTODIN II, IDHSC, and IAIPS) 
will take place in FY83. The functional description of the COINS 
priority/precedence system and the procedures for when the system 
will be invoked, treating traffic reaching COINS or in COINS, 
and treating the priorities/precedences of the interfacing networks 
will be prepared in FY83. 

The procedures will be coordinated with all agencies participating 
in COINS (users and servers) early in FY84. In anticipation 
of only minor changes during coordination, a design 
specification for the system will be developed concurrently with 
the coordination. Development of the system will be completed 
and implemented early in FY85. 

VII. RESOURCES AND SCHEDULE 

The following tables show the funds that have been budgeted, programmed 
or planned to procure, develop, implement, and maintain the 
hardware and software associated with the COINS Network Resources. 
The funds shown are those required for procurement and for contractor 
support. In-house resources are shown in Annex A, COINS Network 
Management System. 

A. Interface Message Processor (IMP) 

                 FY80    FY81    FY82    FY83    FY84    FY85    FY86
O&M                85      85     165     165     165     165     165
PROCUREMENT         —      50     100      50       —       —       —
RDT&E               —       —       —       —       —       —       —
TOTAL              85     135     265     215     165     165     165

1000 of Dollars 


The O&M funds are for the hardware and software maintenance of 
the present H316 IMPs in FY80, FY81 and FY82 and to maintain the BBN C/30 
IMPs starting in FY81 and continuing through FY86. 

The procurement funds, FY81-FY83, are for the purchase of five 
BBN C/30 processors and their resident software. Not shown is the 
acquisition of two or three BBN C/30 IMPs to be provided by the 
PLATFORM project in exchange for a COINS PMO owned BBN PLURIBUS IMP. 

B. COINS Access Systems (CASs) 



                 FY80    FY81    FY82    FY83    FY84    FY85    FY86
O&M               260     420     813   1,078   1,078   1,078   1,078
PROCUREMENT    746(1)       —  780(2)       —       —       —       —
RDT&E             123     100     874     500     250       —       —
TOTAL           1,129     520   2,467   1,578   1,328   1,078   1,078

1000 of Dollars 


Except for $28,000 in FY80 to upgrade the existing COINS PMO 
TAS, the O&M funds are for hardware and software maintenance for 
Terminal Access Systems (TASs) , Host Access Systems (HASs) , and Net- 
work Access Systems (NASs). In FY80 three TASs, and one HAS are 
covered. Three additional TASs will be purchased in FY80 and main- 
tained starting in FY81. The TAS at LLL will be maintained under a 
separate LLL contract. The funds for maintaining the NAVINTCOM TAS 
will be transferred to COINS PMO via MIPR. Increases in FY82 and 
FY83 are for two NASs and two HASs that will be added to the maintenance 
requirements through FY86. 

(1) $296 provided by COINS PMO; $225 provided by NAVINTCOM for one TAS; 
$225 provided by LLL for one TAS. 

(2) Includes funding for the purchase of: HAS for WINDMILL, NAS for 
PLATFORM, and a NAS for IDHSC. 

The procurement funds in FY80 are for existing COINS PMO TAS 
upgrade ($71,000), for purchasing three TASs ($675,000) in FY80, and 
for purchasing two NASs and two HASs in FY82. The funds for the purchase 
of the LLL TAS and NAVINTCOM TAS will be transferred to the 
COINS PMO via MIPRs by the respective organizations. 

The RDT&E funds for FY80 and FY81 are for software enhancements 
to TAS and HAS software. The FY82 funds are for development of NAS 
software for the PLATFORM and IDHSC NASs and HAS software for the 
WINDMILL and CIA Host HASs. The NAS and HAS software development 
will continue into FY83. Also included in FY82 and FY83 are funds 
for expected CAS software enhancements. All FY84 funds are to develop 
expected CAS software enhancements. 

C. ADAPT 




                 FY80    FY81    FY82    FY83    FY84    FY85    FY86
O&M                 —       —       —      25      25      25      25
PROCUREMENT         —       —       —       —       —       —       —
RDT&E             123     150     150      50       —       —       —
TOTAL             123     150     150      75      25      25      25

1000 of Dollars 


The RDT&E funds in FY80 are for the development and implementation 
of ADAPT II. FY81 RDT&E funds will provide for the evaluation 
of ADAPT II, minor enhancements to ADAPT II and preparation of the 
ADAPT II specification. FY82 funds are to be used for developing 
ADAPT III which will be evaluated using FY83 funds. 

Maintenance of ADAPT is planned to commence in FY83. 

D. User Support Information System (USIS) 


                 FY80    FY81    FY82    FY83    FY84    FY85    FY86
O&M                 —       —       —       —      50      50      50
PROCUREMENT         —       —     300       —       —       —       —
RDT&E              96      50     250     300     250     200     100
TOTAL              96      50     550     300     300     250     150

1000 of Dollars 


The RDT&E funds budgeted in FY80 will provide a USIS pilot system 
that will be evaluated in FY80. FY82 and FY83 RDT&E funds will be 
used to develop USIS I. Also in FY83, the feasibility of complementing 
USIS with a Computer Aided Instruction (CAI) system will be determined. 
Assuming a USIS/CAI system is desirable, it will be developed in FY84 
and FY85. Funds for USIS enhancements are planned in FY85 and FY86. 

Contractor maintenance for USIS will start in FY84. Purchase of 
the USIS Host Computer System will take place in FY82. 

E. Network Service Host (NSH) 


                 FY80    FY81    FY82    FY83    FY84    FY85
O&M                                                 5       5
PROCUREMENT         —       —       —      25       —       —
RDT&E               —       —       —      10
TOTAL

1000 of Dollars 

The O&M, procurement, and RDT&E funds are for the selection, acquisition, 
implementation, and maintenance of a data base management 
system for the COINS PMO network service host. 


F. New Protocols 



                 FY80    FY81    FY82    FY83    FY84    FY85    FY86
O&M
PROCUREMENT
RDT&E             80*     100      25      45     150       —       —
TOTAL              80     100      25      45     150

1000 of Dollars 

*Funds provided by ASDC3(I) 

The study to determine any detrimental impact of replacing the 
Network Control Protocol (NCP) with TCP in the COINS Access Systems 
will start in FY80 and be completed in FY81. Assuming the replacement 
of NCP with TCP is desirable, it will be implemented in extant COINS 
Access Systems in FY81 and FY82. COINS Access Systems acquired after 
FY81 will have TCP. 

The RDT&E funds in FY83 are to determine the requirement for an 
FTP, to survey existing protocols, and to select and adapt an existing 
FTP for COINS. In the event a new FTP must be developed, the FY84 
funds will be required. 

G. Network Virtual Terminal (NVT) 

                 FY80    FY81    FY82    FY83    FY84    FY85    FY86
O&M
PROCUREMENT
RDT&E                                     350     250     200     100
TOTAL                                     350     250     200     100

1000 of Dollars 

Development on NVT for COINS is planned to start in FY83 with a 
Phase 1 operational capability to be implemented by the end of FY84. 
A second version of NVT will be undertaken in FY85 and implemented in 
FY86. 

Installation of NVT will be limited to COINS Access Systems, 
and the maintenance of NVT is included in the O&M funding plan for 
the COINS Access Systems. 

H. Priority/Precedence 


                 FY80    FY81    FY82    FY83    FY84    FY85    FY86
PROCUREMENT
RDT&E                                     150     200      50
TOTALS                                    150     200      50

1000 of Dollars 

The RDT&E funds cover the study of the other network systems, 
developing procedures, and the design and implementation of the COINS 
priority/precedence system. Since the system will be installed in 
the CASs, O&M funds for maintenance are included in the CAS funding. 


I. Total COINS Network Resources 



                 FY80    FY81    FY82    FY83    FY84    FY85    FY86
O&M               345     505     978    1268    1323    1323    1323
PROCUREMENT      746*      50    1180      75       —       —       —
RDT&E             422     400    1299    1405    1100     450     200
TOTALS           1513     955    3457    2748    2423    1773    1523

1000 of Dollars 

*$296 provided by COINS PMO for one TAS; $225 provided by NAVINTCOM 
for one TAS; $225 provided by LLL for one TAS. 

SCHEDULE 

[Schedule chart; timeline bars not reproduced. Fiscal-year columns legible: FY80, FY81, FY82, FY83.] 

IMP 
• Purchase BBN C/30 
• Install BBN C/30 (NAVINTCOM, State Dept.) 
• Replace H316 with C/30 

CAS 
• Purchase 3 TASs 
• Install TASs (NAVINTCOM, DIA, LLL, State Dept.) 
• Install TAS Enhancements 
• Purchase 1 HAS and 2 NASs 
• Develop HAS and NAS Software 
• Implement Software for: PLATFORM NAS, IDHSC NAS, WINDMILL HAS 
• Install CAS Enhancements 

NSH 
• Select DBMS 
• Implement DBMS 

SCHEDULE (Continued) 

[Schedule chart; timeline bars not reproduced. Fiscal-year columns: FY80, FY81, FY82, FY83, FY84, FY85, FY86.] 

ADAPT 
• Develop & Implement ADAPT II 
• Evaluate ADAPT II 
• Prepare Specifications for ADAPT III 
• Develop & Implement ADAPT III 
• ADAPT III 

USIS 
• Develop & Implement Pilot USIS 
• Evaluate Pilot USIS 
• Develop USIS 
• Implement USIS 
• Evaluate CAI 
• Develop USIS/CAI 
• Implement USIS/CAI 

NEW PROTOCOLS 
• Define TCP Test Bed 
• Evaluate TCP 
• Implement TCP 
• Determine FTP Requirements 
• Adapt FTP for COINS 

NVT 
• Develop NVT 
• Implement NVT 



Community On-Line Intelligence System 
Project Management Office 

National Security Agency 
Fort George G. Meade, Maryland 20755 



COINS NETWORK DEVELOPMENT 


ANNEX C 


COINS TECHNICAL SUPPORT PLAN 


Prepared by 
The MITRE Corporation 
7 August 1980 




TABLE OF CONTENTS 

I. DESCRIPTION 

II. LONG-RANGE OBJECTIVES 

III. JUSTIFICATION 

IV. FACTORS BEARING ON THE PLAN 

A. Facts 

B. Assumptions 

C. Issues 

V. APPROACH 

A. General Procedure 

B. Net Development 

C. Training Management 

VI. STATUS AND PLANS 

VII. RESOURCES AND SCHEDULES 

A. Man-Machine Relationship Program (MMRP) 

B. RITA 

C. TEXT EDITING/WORD PROCESSING (NED) 

D. GRAPHICS 

E. ADAPT, MMRP AND RITA INTEGRATION 

F. TOTAL NETWORK DEVELOPMENT 

SCHEDULE 

APPENDIX: CAPABILITIES FOR EVALUATION 




I. DESCRIPTION 

This annex provides the long-range plans for new development, 
evaluation, and testing of hardware and software necessary to provide 
and maintain high quality COINS services so that users will be encour- 
aged to exploit the COINS accessible resources. 

The COINS PMO is not responsible for building better mouse traps, 
but for providing accessible easy-to-use paths to the door. In this 
regard the COINS PMO will continue to remove or reduce the barriers 
that exist between the information stores and the users' capability to 
make full use of the information. Many of these barriers have been 
described in Section I, COINS Concept of Operations, and Section II, 
COINS Architecture. Notable are the need to use many retrieval lan- 
guages and the shortage of automated user tools to store, manipulate 
and otherwise process information from many sources after retrieval. 
Ways to remove or reduce these barriers are the object of COINS network 
development activities. 

The main thrust of COINS network development is technology trans- 
fer. The COINS PMO looks to existing capabilities or capabilities 
being developed (and funded) by other organizations and evaluates them 
to determine if they can be adopted or adapted for use in COINS. Paramount 
of the technology transfer approach was the adaptation of ARPANET 
packet switching technology to COINS in order to improve the poor net- 
work performance and to decrease the vulnerability associated with the 
central store and forward switch that preceded packet switching in 
COINS. Technology transfer continues in many other areas. 

The development (COINS funding) route is chosen only when no 
other acquisition of the capability is satisfactory and the need for 
the resulting capability justifies the higher acquisition cost. Major 
among the developments are the COINS Access Systems — TAS, HAS, and 
NAS. 

In addition to the development and the evaluations associated 
with technology transfer, network development includes the testing of 
developed or modified capabilities prior to their achieving operational 
status in COINS. 

To support the COINS Network Development, test beds are needed 
for new development, evaluation, and testing. These test beds consist 
of general and special purpose hardware and software, and must be 
tailored to support the capability involved in the activity. The 
amalgam of these test beds is called the Technology Transfer and 
Research Facility (TTRF). The TTRF will be a dynamic facility — changing, 
growing, and shrinking depending on the activities being supported. It 
may contain many test beds at one time, and a test bed may be geographically 
distributed; i.e., the TTRF is not constrained to a single location. 

Although TTRF is primarily a research, test and evaluation 
facility, the technology transfer functions require extensive train- 
ing of users who will participate in the testing and evaluation of 
the new capabilities. To provide for realistic test and to accom- 
plish the necessary training, the TTRF must provide terminal access 
to the COINS network and associated host computers. For this reason,
it lends itself well for use as the main training facility to access
the User Support Information System (USIS) to indoctrinate potential
users of COINS and to train them in how to use the operational capabilities
and data available via the COINS network. The use of the
TTRF to support operational training will require only a small part
of the computer and terminal time, and in many instances both research
and training support can take place simultaneously. Using the TTRF
to support operational training, therefore, will not adversely affect
its primary function.

II. LONG-RANGE OBJECTIVES

The long-range objectives of the COINS Network Development are
little, if any, different from the short term. The continuous assessment
of the quality and quantity of COINS-provided services as described
in Annex A, COINS Network Management System, will identify
areas where more efficient or more effective support should be provided
to COINS users. Resource constraints as well as other external
influences will dictate a priority for undertaking network improvements.
The long-range objectives then are to provide as many needed
improved or additional services as are possible within the constraints.

The TTRF long-range objective is to locate a TTRF computer
at one (or more) of the intelligence schools (DIS, ISC or NCS) and
provide terminal access to it from the other schools. In this way
the schools can participate extensively (if desired) in the evaluation
of new tools and techniques, and also have access to USIS and
all other COINS accessible resources for operational training.


III. JUSTIFICATION

The network development activities are required to improve and
maintain the effectiveness of COINS in supporting the users of its
accessible resources. These activities include the adoption, adaption
or development of needed hardware and software capabilities, the test
and evaluation of new or new releases of software and user training.

The ASD(C3I) has directed all DoD packet switched networks to
adopt the DoD standard Transmission Control Protocol and the Internet
Control Protocol (TCP/IP). It is necessary to identify any adverse
effects TCP/IP may have on the performance of the COINS Access Systems.
The performance measurements will be made in the COINS Technology
Transfer Research Facility.

The justification for technology transfer stems from the belief 
that it is more cost-effective to adapt hardware and software for the 
COINS community of users than it is to expend resources on development 
of capabilities to satisfy perceived needs. 

Some capabilities are, and will be, the result of research projects
funded by the DoD. The technology transfer research activities provide
vehicles not only to determine if operational capabilities are useful
in the COINS community, but provide vehicles to influence development
to improve the probability that a final piece of hardware or software
package will be a cost-effective addition to the COINS-provided services.
The ADAPT system, which provides a uniform data language interface to
multiple query languages, and the Man-Machine Relationship Program
(MMRP) are two examples of projects initiated by the DoD Advanced
Projects Research Agency (DARPA) that are, or will be, using the
COINS community via the TTRF to evaluate the prototype editions of
the capabilities.

This synergistic relationship provides DARPA with evaluations
of the fruits of their efforts in an operational or operational-like
environment and provides the COINS PMO with the opportunity to influence
further developments.

The funding for the development of the Kernelized Secure Operating
System (KSOS) was arranged by ASD(C3I). KSOS was developed to run on
the DEC PDP-11 computer and emulates the UNIX operating system. The
PDP-11 with the UNIX operating system is the base for the COINS Access
System. Because of this and the potential of KSOS to improve COINS
security, ASD(C3I) and COINS PMO have agreed to use the COINS Technology
Transfer Research Facility to construct a test bed to evaluate the
security features of KSOS and to do performance measurements on KSOS
based COINS Access Systems.

Within the TTRF is a COINS-II Terminal Access System (TAS) that
will be complemented from time to time with the hardware and software
capabilities to be evaluated. It is expected that the TTRF will not
be always fully loaded in performing technology transfer research
activities. For this reason, it will be used as a test bed to check
out new software or new software releases for the TAS. These final
tests will be accomplished in the TTRF without adversely affecting
the operational use of the COINS-II network.

The TAS in the TTRF will also function as the system to support
the training of new COINS users in how to access the COINS network
and the rich assortment of resources provided by the COINS host computers.

IV. FACTORS BEARING ON THE PLAN

A. Facts 

1. The COINS PMO has agreed to use the TTRF to construct
a test bed to evaluate capabilities being developed under
the DARPA Man-Machine Relationship Program.

This is a long-term program that will provide new
hardware and software and iterative evaluation-improvement
cycles. The first version of the electronic desk was delivered
to the COINS PMO for evaluation in June 1980.

2. The second version of ADAPT (ADAPT II) was funded by
the COINS PMO. ADAPT II must be evaluated in a realistic
environment before making it available for operational use.
ADAPT II will be delivered in October of 1980.

B. Assumptions 

1. COINS will be required to provide information handling
services other than query-response.

If this assumption is false, the network development
activities will be much diminished, and the TTRF will be
difficult to justify.

2. Remote access to the TTRF will be available using
standard COINS terminals and other nonstandard equipment for
the purpose of engaging in technology transfer research
activities from remote sites; e.g., the intelligence schools
and Washington, D.C. area subscriber agencies.

If remote access is not available, then training activities
must be treated differently than planned. Also, the
approach to capability evaluation of involving users at their
home stations will not be possible nor will contractor and
COINS PMO personnel have the option of developing or presenting
realistic demonstrations of capabilities at the intelligence
schools or other sites.

C. Issues 

1. Access to computers other than the TTRF DEC PDP-11/70
has not been provided nor are there plans to do so. If
arrangements can be made to access computers on the COINS
network and other networks (e.g., ARPANET) to evaluate capabilities
available on those computers, the technology transfer
research activities would be much enhanced. The use of
these computers in the entire capability evaluation process
would be ideal. However, many technical and organizational
problems inhibit or preclude this ideal solution. On the
other end of the spectrum, a minimal use of these other computers
is to do the preliminary evaluation to determine if
additional resources should be expended to do further evaluations.
A resolution of the issue that goes as far beyond
the minimal use as practical is preferred.

If the status quo is maintained, the hands-on evaluation
work will be limited to capabilities that can be made to
function on the DEC PDP-11/70. The cut-off point for determining
if a capability has enough promise to warrant its
implementation on the TTRF computer will be much higher
because the cost of evaluation will be higher. The consequence
is that fewer capabilities will be examined because
the cost to install them on the TTRF computer for further
evaluation cannot be justified.

2. It is presently planned that the TTRF staff initially
will be contractor personnel. Most of the technology transfer
research activities will require access to the substantive
intelligence files. If, however, contractor personnel are
restricted from accessing many of the substantive intelligence
files as they now are, the staff will have to be drawn
from in-house resources.

V. APPROACH 

The approach to satisfying the long-term objectives of the COINS
Network Development is to find cost-effective ways to meet the quantitative
and qualitative needs of the COINS user and server communities.

The first step in satisfying a requirement is for the COINS PMO
to decide if it can be satisfied by using or modifying a resource
available within COINS. Only those requirements that require the
introduction of a resource new to COINS, or that require an existing
resource to be significantly changed will be considered Network
Developments.

If a resource new to COINS is required, existing or developing
resources external to COINS will be evaluated to determine if they
can be adopted or adapted to satisfy the requirement. New development
will be considered only when it is the most cost-effective way
to satisfy the requirements. New developments, once they are tested
and ready for evaluation, will be treated in a fashion similar to
existing resources that are being considered for transfer to COINS.
Step a. in the following general procedure does not apply to new
developments.

A. General Procedure 

Evaluation of new resources will be conducted by a "tech- 
nology transfer manager" and his staff within the COINS PMO 
with assistance from the COINS user community. Once a resource 
has been designated for evaluation, the following general steps 
will be taken: 

a. The resource will be installed for preliminary 
evaluation. 

b. For promising resources, demonstrations to show
how the capability may be used in an operational
environment will be developed. The demonstrations
will use as realistic applications as are practical
for a training environment.

c. Potential users of the resource who are to participate
in the evaluations will be shown demonstrations
and trained in using the new resource.

d. A period of supervised use will be provided for
the participants.

e. Access to the capability will be provided to selected
users at their home stations, when this is practical,
for their use and further evaluation in an operational
environment.

f. The evaluation will be concluded with a report prepared
for the COINS PMO by the technology transfer manager
with major contributions from the users. The report
will include a recommendation: to implement, to modify
and implement, to select an alternative capability,
to continue in an experimental mode, to do some combination
of the preceding, or to discard the resource.

B. Network Development

Management of the net development activities will be the
responsibility of the COINS PMO with assistance from a coordination
group composed of representatives from the intelligence
agencies — CIA, DIA, NPIC, and NSA — and from the State Department
and Department of Energy.

The COINS PMO will identify resources for evaluation. To
support the evaluation of resources, the COINS PMO will be responsible
for:

a. Developing evaluation plans.

b. Identifying any additional hardware and software
needed for the evaluation.

c. Acquiring any additional hardware and software.

d. Coordinating the installation of any additional
hardware and software with participating organizations
when required.

e. Developing needed software when development is the
most reasonable way to acquire the resource.

f. Coordinating the evaluation plans with the coordination
group.

g. Developing realistic demonstrations of the capabilities
to be evaluated.

h. Training the resource users who are to participate
in the evaluation.

i. Conducting the evaluations.

j. Preparing the evaluation reports.

k. Coordinating the evaluation reports with the
coordination group.

l. Allocating capacity for use by individual users
to develop, test and evaluate resources to address
their substantive problems.

The coordination group will be responsible for:

a. Reviewing the resources identified by the COINS PMO
for evaluation, identifying additional resources
to be evaluated, and prioritizing the resources
to be evaluated.

b. Identifying the substantive intelligence problems
that can use the resources to be evaluated and
selecting one or more problems for use in the
evaluation.

c. Identifying personnel within each agency who will
participate in the evaluations.

d. Reviewing the evaluation plans and schedules
prepared by the COINS PMO.

e. Reviewing the progress of the evaluations.

f. Coordinating with the COINS PMO to address any
interagency problems that may hamper the evaluations.

g. Reviewing the evaluation reports prepared for the
COINS PMO.

h. Coordinating implementation actions when it is
decided that a capability should be implemented.

VI. STATUS AND PLANS 

The near-term plans call for the evaluation of ADAPT-II from
October 1980 through June of 1981. The USIS evaluation will start
in October of 1980 and run through September of 1981. The first phase
of the Man-Machine Relationship Program (MMRP) will start in FY81.
The MMRP evaluation will continue on an as-required basis for several
years as additional capabilities are developed. Also the TTRF will
be used as the test bed to test and evaluate TCP4/IP and the Kernelized
Secure Operating System (KSOS) in conjunction with COINS Access Systems.
TCP4/IP and KSOS testing will be accomplished during FY81 and
FY82. The initial phase of the prototype BLACKER system test and
evaluation will start in early FY81.

During the mid-term (FY83 - FY84) application of computer-aided
instruction (CAI) techniques to COINS training will be evaluated in
the TTRF. This evaluation will be part of the User Support Information
System (USIS). The evaluation of the standard secure network
front-end (SNFE) will also involve the TTRF during the mid-term.

The evaluations of RITA, NED, and the graphics package applica- 
tions to intelligence problems will start in FY83. It is possible, 
however, that other COINS-PMO development efforts may find use for 
one or more of these resources prior to FY 83. The Network Usage 
Information System is a strong possibility for the graphics package 
and NED provides an easy-to-learn and easy-to-use editor for
capturing and maintaining on-line user guides in support of the 
User Support Information System. 

A DEC PDP-11/70 will be delivered in December 1980 for the
Technology Transfer Research Facility. The TTRF PDP-11/70 will
house the prototype USIS and may be used for the KSOS and TCP4/IP
evaluations, although the KSOS and TCP4/IP evaluation will initially
use the Network Service Host in the test bed. In FY83 USIS will be
placed on a dedicated computer, freeing the TTRF PDP-11/70 of that
work load. At that time the TTRF PDP-11/70 will be installed at one
of the intelligence schools with a complement of terminals to support
development and training and evaluation. Remote terminals will be
installed at the other schools to support training and for evaluating
new tools and techniques in a pseudo-operational environment.

The BLACKER hardware and software was delivered in April 1980 
and evaluations with NPIC/NDS should start by the end of FY80 and 
with NSA/SOLIS in FY81. BLACKER will go through a multiphase test
and evaluation program through FY84. See Annex D, COINS Network 
Security for more detail. 

VII. RESOURCES AND SCHEDULES 

The following tables show the funds budgeted, programmed and
planned to perform the network development activities that are not
included in the other annexes to the long range plan. Annex B,
COINS Network Resources presents the resources and schedules for
ADAPT, USIS and the TCP4/IP evaluations. Annex D, COINS Network
Security, presents the resources and schedules for the BLACKER,
Kernelized Secure Operating System (KSOS) and the Secure Network
Front End (SNFE) evaluation.

FY 79 funds were used to procure the DEC PDP-11/70 TTRF
computer, and therefore are not reflected on the following table.

The funds shown on the following tables are for evaluating
existing capabilities or capabilities being developed with project
funds external to COINS.

D. GRAPHICS

(Thousands of dollars; columns FY 80, 81, 82, 83, 84, 85, 86)

O&M: no entries
PROCUREMENT: no entries
RDT&E: 75, 75, 75, 75
TOTAL: 75, 75, 75, 75


E. ADAPT, MMRP AND RITA INTEGRATION

(Thousands of dollars; columns FY 80, 81, 82, 83, 84, 85, 86)

O&M: no entries
PROCUREMENT: no entries
RDT&E: 175, 175, 175
TOTAL: 175, 175, 175

The RDT&E funds in FY84 are to evaluate the integration of
RITA, ADAPT and the extant MMRP capabilities into an analyst
work station. The FY85 funds are to develop a demonstration
of how the integrated capabilities can be used on a realistic
analyst problem.

F. TOTAL NETWORK DEVELOPMENT

(Thousands of dollars; columns FY80, 81, 82, 83, 84, 85, 86)

O&M: no entries
PROCUREMENT: —, —, —, —, —, —
RDT&E: 40, 50, 330, 430, 430, 430
TOTAL: 40, 50, 330, 430, 430, 430

CAPABILITIES FOR EVALUATION


The capabilities to be considered for evaluation in the 
network development activities are MMRP, RITA, the Text Editor (NED), 
and a Graphics Package. A separate plan will be developed to cover 
the evaluation of each capability. 

The following paragraphs present brief descriptions of these 
capabilities, and some general applications for RITA, NED and the 
Graphics Package. These kinds of general applications will be used 
in addressing realistic problems in the evaluations. 

Man Machine Relationship Program (MMRP) 

Description: 

The MMRP is a research and development project being funded by 
DARPA. It includes hardware and software development. The 
main thrust of the project is to determine the characteristics 
of a work station at various levels of endeavor; i.e., from 
analyst level through the policy making levels of government. 
The hardware and software are presently in their embryonic 
state. It is expected that many incremental improvements will
be made over the next several years. 

RITA 

Description: 

Rule-directed Interactive Transaction Agent — is a system 
designed for use by persons who are not computer sophisticates 
to develop agents (computer programs) to perform tasks in an 
automated fashion. It is under development by Rand and is 
experimentally operational.

Applications:

• Preparing and maintaining human-machine interfaces tailored
to individual analysts.

• Preparing and maintaining programs to perform simple
repetitive analyst's tasks, e.g., monitoring data for
abnormal or out-of-bounds activities.

• Updating stored queries to reflect changes in such things as
date of coverage, area of coverage and VIPs of interest.

• Invoking queries based on the determination that an event
occurred.

Status: 

RITA is experimentally operational on the Network Service Host
and will be operational on the TTRF in September 1980.

NED 

Description: 

A CRT text editor developed by Bolt Beranek and Newman, Incorporated 
under contract to the Rand Corporation. It is used with a CRT
terminal to prepare and modify documents, letters, messages, and
computer programs.

Applications:

• Preparing periodic and ad hoc reports.

• Editing personal files, e.g., query responses.

• Incorporating query responses into reports.

• Preparing queries for submission.

• Combining query responses from different files into a uniform
format.

• Introducing or suggesting changes on collaborative reports.

• Preparing messages for electronic or hard copy delivery.

• Preparing and maintaining briefings in a current fashion.

• Preparing and maintaining computer programs including RITA
programs.

Status:

NED is currently operating on the NSH with both Ann Arbor 4080D
CRT terminal and the Teletype Model 40 CRT terminal.

NED will be made operational on the TTRF after it is installed.

GRAPHICS PACKAGE

Description:

The set of PLOT 10 programs and a Hewlett Packard HP 2648 graphics 
terminal to provide a general purpose graphics capability for 
evaluation. 

Applications:

• Plotting aircraft and ship movements on map backgrounds.

• Providing graphical representations of tabular data such as
flight activity,

- Ships operation out of area,

- Long term trends in force changes.

• Preparing graphics for briefings.

Status:

PLOT 10 is operational on the Network Service Host. It will be 
made operational on the TTRF after it is installed.

Network Security. Readers who desire or need more information about
the COINS PMO plans for network security are referred to the COINS
Network Security Development Plan.

I. DESCRIPTION

The COINS security plan is an integration of a number of projects 
designed to provide maximum protection to Sensitive Compartmented 
Information (SCI) and other classified material handled in the network. 
The present state of COINS security is summarized below: 

a. The COINS network operates in a System High mode of
TOP SECRET SI/TK. All COINS users are cleared TOP SECRET
SI/TK.

b. All COINS users are transaction system users. There is
no user programming accessible through COINS on any server-host
in the network.*

c. Batch operations follow TMA-3 security rules.

d. All COINS computer and terminal sites are cleared for
TOP SECRET SI/TK operations.

e. COINS security issues are handled by the COINS Network
Security Officer (NSO) who is the chairman of an interagency
committee known as the COINS Security Panel.

f. Formal security procedures for the COINS Terminal Access
System (TAS) are being developed. These procedures will
delineate the security duties and responsibilities of the
TASMASTER, administrative users, and individual end-users.

*Since COINS exercises NO control over server-hosts, it is possible
that a participating agency will provide programming access for its
own users on the server-host upon which a COINS data base is homed.
However, such programming access IS NOT available from the COINS

g. The original COINS Security Panel (CSP) charter is
being updated and reissued. The new charter will
identify CSP members as the ISSOs for the various
participating agencies. The chairman of the panel
will be the COINS Network Security Officer. The CSP
will continue to advise the COINS Project Manager
regarding security policy, implementation of security
measures, and security research needs of the network.

h. COINS has no independent security authority. It has
no authority to impose security requirements on or
police the enforcement of existing security policy by
either user or contributing agencies. As a designated
community-wide service, COINS derives its security
requirements from DCID's 1/16, 1/7, and 1/14;
Executive Order 12036 (for Privacy); and USCSB 4-11
for policy on compromising emanations. COINS does
have both the authority and independent jurisdiction
over the security of the COINS Network (i.e., the
secure subnet and the interface layer of TASs and NAS).

i. Each participating agency is responsible for insuring
the safety of its segment of the system, including procedures
to protect access to files by authorized terminals
or personnel and providing for proper security labels
on system outputs. Each agency has also appointed a
representative to the COINS Security Panel.

Although extensive security controls have been designed
into the COINS Access Systems (CAS) (see below), only
about 10% of the COINS user population is currently
homed on a CAS.

Just as the CAS was seen to provide a standard and
coherent interface to users, it also provides substantial
security functionality as well.

A substantial part of the technical COINS security development
to date has been focused in the COINS Terminal Access System
(TAS). Since its development, the TAS has evolved into a
generalized network interface and access system (CAS) which will perform
the functions of a network front-end and internet gateway as
well.

Because of the central role the CAS plays in the overall approach
to providing COINS security, a review of the principal security features
of the CAS is presented as a base from which additional developments
will be made.

A. Overview of CAS Security Architecture 

The CAS architecture is responsive to the diverse and dynamic 
nature of the COINS network. It provides the user a coherent 
interface to server-host computers of different manufacturer and 
to data base applications of widely varying design. It was 
conceived as a means of insulating its users from much of the
differences that exist in the different server-host machines
and the data base query languages.

The CAS security architecture has been designed to provide
maximum protection to the sensitive data in the network while
keeping the end-user's interface as simple as possible.

In addition, the CAS security architecture has addressed
the problem of security administration. It provides the user
organizations with considerable flexibility in how security is
managed. It also allows a single CAS to support more than one
organization, each of which can exercise full control over its
own security management yet be isolated from and non-interfering
with other co-resident user organizations.

The principal features of the CAS security architecture are:

a. Structured Network Identifiers

b. User Access Authorization

c. Server-Host Access Authorization

d. Decentralized Security Management

These topics are discussed in more detail below:

1. Structured Network Identifiers (SNI) 

All CAS users are uniquely identified with an eight-character
identifier of the form:

TAAGGUUU

where:

T    is the user's home CAS
AA   is a designator representing the user's agency
GG   is a group within an agency
UUU  is the user within the grouping (a number in
     the range 000-999)

The structured identifier uniquely identifies all network
users entering through CAS and permits both activity and
security logging of an individual's network activity. A
user requires an SNI and a password to log on to CAS.
2. Access Authorization

Each user known to a CAS (i.e., who has an SNI) has an
access authorization record in the User-Host Access Authorization
(AA) File (UH/AAF).

In addition, the record contains a list of the COINS
applications (e.g., RYETIP, SOLIS, DIAOLS, ADCOM, etc.) and,
for those applications involving multiple files, a list of
files authorized to the user by the user's home organization.

The user's access authorization record also contains
interactive systems log-on information (an identifier and
password) in the form required by the particular interactive
system. This information is used to perform a user-invisible
log-on to the server-host supporting an interactive application.
This "surrogate log-on" service of CAS insulates
COINS end-users from the considerable variability in log-on
protocols that exist among the computer systems of COINS.

Application and file access controls are applied to
terminals as well. Each terminal connected to CAS is
logically identified by CAS and is represented by an AA
record defining which applications and files within the
applications may be accessed by the terminal.

A "session security level" is logically established at
log-on based on the user's authorization and his terminal's
authorizations. This (conceptual) level controls what data
may be accessed in a session.

The user and terminal AA files are used by CAS to implement
the major functions of TMA-3:

• Control of user access to a data base

• Verification that a user/terminal is cleared to
receive a particular batch response

3. Server-Host Access Authorization 

When CAS was upgraded to include server-host functions 
in 1978, the access authorization function was expanded to 
include application access authorization data. 

4. Decentralized Security Management 

The CAS security management design was influenced by the
following major considerations:

• Each using agency would be responsible for
managing the security information and access
authorizations of its own users and applications
(where appropriate).

• A large using agency may wish to delegate some 
of the security management to functional organi- 
zations within the agency. 

• A single CAS may be shared by two or more inde- 
pendent agencies. 

To meet these somewhat diverse requirements, the CAS 
security architecture includes three kinds of users: 


TASMASTER - a single user who "owns" the CAS and who
directly or indirectly (see Administrative
User) creates all other users.

Administrative User - a user who has the delegated
authority to create and administer a specified
set of ordinary users.

Ordinary Users - users authorized to use CAS and the
COINS network.

An administrative user can add, modify, or delete users 
within the group that can be "named" with a single "SNI- 
prefix". That is, the up to 1,000 users who have the same 
TAAG (CAS, Agency, Group within the Agency) prefix in their 
SNI. 

Administrative users cannot affect any records other 
than those bearing the same SNI-prefix. 

The TASMASTER establishes the basic access authoriza- 
tions for administrative users. The administrative user 
can further subdivide his access authorizations among users 
within his domain. He cannot give any user more privileges 
than he has himself. It is not necessary to give an administrative
user all CAS or network privileges.
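
The identifier format and delegation rules described in items 1, 2 and 4 above can be exercised in a short model. The following Python sketch is an added example, not CAS code or anything from the COINS plan: the class and function names are hypothetical, T, AA and GG are assumed to be alphanumeric, the administrator's SNI-prefix is assumed to be T + AA + GG (which leaves the 1,000 values of UUU), and the session level is modelled as the intersection of the user's and the terminal's authorizations. Passwords and surrogate log-on are left out; the SNIs, file names and terminal id are constructed.

```python
import re
from dataclasses import dataclass

# Assumptions (not stated on the page): T, AA and GG are alphanumeric, and an
# administrator's "SNI-prefix" is T + AA + GG, leaving UUU = 000-999 (1,000 users).
_SNI = re.compile(r"([A-Z0-9])([A-Z0-9]{2})([A-Z0-9]{2})([0-9]{3})")


@dataclass(frozen=True)
class SNI:
    cas: str      # T   - the user's home CAS
    agency: str   # AA  - agency designator
    group: str    # GG  - group within the agency
    user: int     # UUU - user within the group

    @property
    def prefix(self):
        return self.cas + self.agency + self.group


def parse_sni(text):
    m = _SNI.fullmatch(text)
    if m is None:
        raise ValueError(f"not a TAAGGUUU identifier: {text!r}")
    cas, agency, group, user = m.groups()
    return SNI(cas, agency, group, int(user))


# Grants map an application name to the frozenset of files authorized within it.
def covers(holder, requested):
    """True when every application and file in `requested` is also in `holder`."""
    return all(app in holder and files <= holder[app]
               for app, files in requested.items())


def intersect(a, b):
    """Applications and files present in both grant sets; empty results are dropped."""
    both = {app: a[app] & b[app] for app in a.keys() & b.keys()}
    return {app: files for app, files in both.items() if files}


class AuthFile:
    """Toy stand-in for the access authorization file of one CAS."""

    def __init__(self, tasmaster, grants):
        parse_sni(tasmaster)  # reject a malformed owner identifier
        self.users = {tasmaster: ("tasmaster", dict(grants))}
        self.terminals = {}   # terminal id -> grants

    def add_user(self, actor, new, role, grants):
        actor_role, actor_grants = self.users[actor]
        actor_id, new_id = parse_sni(actor), parse_sni(new)
        if new in self.users:
            raise PermissionError("SNI already assigned")
        if actor_role == "admin":
            if role != "ordinary":
                raise PermissionError("administrative users create ordinary users only")
            if new_id.prefix != actor_id.prefix:
                raise PermissionError("record is outside the administrator's SNI-prefix")
            if not covers(actor_grants, grants):
                raise PermissionError("grant exceeds the administrator's own privileges")
        elif actor_role != "tasmaster":
            raise PermissionError("ordinary users cannot create users")
        self.users[new] = (role, dict(grants))

    def session(self, sni, terminal):
        """Grants in force for a log-on: held by both the user and the terminal."""
        return intersect(self.users[sni][1], self.terminals[terminal])


def denied(call, *args):
    """True when the call is refused with PermissionError."""
    try:
        call(*args)
    except PermissionError:
        return True
    return False


def demo():
    """Constructed records: SNIs, file names and terminal id are made up."""
    f = frozenset
    aaf = AuthFile("1AB00000", {"SOLIS": f({"F1", "F2"}), "RYETIP": f({"F1"})})
    aaf.add_user("1AB00000", "1AB01000", "admin", {"SOLIS": f({"F1", "F2"})})
    aaf.add_user("1AB01000", "1AB01042", "ordinary", {"SOLIS": f({"F1"})})
    aaf.terminals["T7"] = {"SOLIS": f({"F1"}), "RYETIP": f({"F1"})}
    return {
        "other_prefix": denied(aaf.add_user, "1AB01000", "1AB02001", "ordinary", {}),
        "escalation": denied(aaf.add_user, "1AB01000", "1AB01043", "ordinary",
                             {"RYETIP": f({"F1"})}),
        "by_ordinary": denied(aaf.add_user, "1AB01042", "1AB01044", "ordinary", {}),
        "session": aaf.session("1AB01000", "T7"),
    }


if __name__ == "__main__":
    print(demo())
```
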

II. LONG-RANGE OBJECTIVES

The objectives listed here are the security-related objectives
for COINS itself. The objectives provide the targets to shoot for
and an independent basis of evaluating how well COINS meets the objectives.
Some objectives require management/organizational initiatives,
while others are satisfied by technical research or development
activities.

The following are the security objectives for COINS: 

a. Insure compliance with DCID 1/16 (2) and 1/7 (3). Provide
the standardized security markings of DCID 1/7 (3) within
the COINS network.

b. To evolve with the use of the network, supporting the 
security interests of users and servers alike. 

c. Demonstrate the capability to perform multi-level secure 
handling and processing of information in the network. 

d. To provide better access to COINS, improve NTK controls,
provide closed communities of interest (COIs), and misroute
protection in COINS by continuing to develop and refine the
ongoing BLACKER project.

e. Improve the technical foundation for COINS security and 
provide support for some user programming in the network 
by applying KSOS to one or more network service hosts. 

f. To support expanded usage of COINS for: 

• Data base applications 

• Development of special uses and other kinds of 
transaction systems 
g. To offer cost-effective solutions to security problems
arising from internetworking.

h. Provide the ability for the network to handle multi- 
jurisdictional security protocols for NTK. 

i. Integrate the capabilities of the UNIX-based CAS/NAS with 
the BLACKER and KSOS to produce a secure NFE suitable for 
use in COINS and other integrated service networks. 

III. JUSTIFICATION 

Aside from the obvious justification for providing security of 
sensitive information, the underlying reason for the elements of the 
COINS Security program is to improve the usability of the network. 

The usability of the network is closely tied to the ability of the
network to provide security and need-to-know protection for the
information resources being handled on the network. Since the CASs
have a role in providing local user services, they ought to be able
to do so securely.

At present, much of the CASs' security is derived from the
limited user functionality they present. As we move through the
1980's, limitations on user functionality will severely hurt the
network's development. Thus, both the KSOS/TCP4 and BLACKER programs
are meant to provide a better technological foundation for continued
network growth.

As more COINS Access Systems are installed as gateways, front-end
and terminal access systems, server-hosts can be relieved of a
substantial administrative burden of keeping track of all of the users,
precluding some users from accessing proprietary information and the
like. At this moment, the full burden of protecting a server's
assets falls on the server-host's agency. In the very near future,
to the extent and scope desired by the server agency, that burden can
be shifted onto a CAS front-ending the server. The CAS will be able
to enforce the security requirements and whatever need-to-know or
proprietary access policy is desired by a server-host/application on
users accessing the host from the network.

Finally, a number of tasks described in this plan are included 
to improve the security management and security administration of 
the network. 

IV. FACTORS BEARING ON THE PLAN 
A. Facts 

1. COINS is currently operating at the TOP SECRET SI/TK
level, providing support to approximately 2,400 users in
40 different organizations. The single security level
(systems high) mode of operation restricts the use of the
network to only those users with TS-SI/TK access
authorizations.

2. The UNIX-based CAS has built-in access and distribution 
security and need-to-know controls. This capability provides 
an important foundation upon which additional COINS network 
security can be built. 
3. ASD(C3I) has tasked COINS PMO to work with DCA to develop
a standard secure network front-end (SNFE). A standard SNFE
will reduce the costs of providing secure networks, not only
in COINS, but in other user communities.

B. Assumptions 

1. General Assumptions 

a. COINS will continue to operate in the Washington, DC,
area through FY 1986 and will be expanded to:

• Provide service to intelligence analysts in all 
appropriate agencies 

• Provide different types of information handling
services, other than query-response (e.g.,
teleconferencing, text editing, specialized planning
systems, and the like) to Intelligence community
end-users

• Incorporate additional host processors and other 
applications 

Even if the assumption about COINS growth proves to be
incorrect, most of the security elements outlined in
this plan are still required. About the only part of
the plan that might not be required under the assumption
of no further growth is the part containing the elements
leading to multi-level secure operations.

b. COINS will have gateways to other networks. If this 
does not come to pass, then the segments of the security 
plan designed to cope with supporting users on other 
networks will not be required. 
c. COINS will come under increasing pressure to provide
multi-level secure operation, not only to gain access
at the appropriate level to data classified only SECRET
or CONFIDENTIAL, but to support access to more and
different kinds of SCI. In addition, COINS will have to
show that it can control access, NTK and delivery of
data to individual users and/or terminals by name in
order to meet the security requirements of the APEX
system.

d. There will be no relaxation of security constraints 
on COINS or other community systems in the next five 
years. Some additional need-to-know approvals or origi- 
nator-controlled data requirements may be added during 
this time period. 

2. Technical Security Assumptions 

a. The BLACKER prototype system will be sufficiently 
successful that it will be possible to incorporate 
BLACKER concepts and equipment in network security plans 
not later than FY 1985. 

b. The UNIX KSOS will be certified in 1980, such that
the proposed TCP4/KSOS test bed can be established no
later than the end of FY 1981. This assumption affects
not only the objective of developing a multi-level
secure network of COINS, but its failure or delay will
affect the extension of BLACKER to other network elements.
c. The design and implementation of the CAS will
continue to be improved to permit responsive
simultaneous connection of at least 64 subscribers, under
KSOS implementation. This assumption is an implied
performance objective for KSOS. While it is not
anticipated that the initial installation of KSOS will meet
this objective, if it appears that the objective can
never be met, the entire concept of a multi-level secure
COINS network will require serious reexamination.

d. The results of the DARPA BCR project will continue
to be available to COINS, particularly the work regarding
multi-jurisdictional security administration. Since
in some regards the BCR project is a "shadow" BLACKER,
it is important to COINS as a backup to the BLACKER
project and as a possible means of providing the NTK
and COI protection in the event of a serious failure
of BLACKER.

C. Issues 

1. There is a potential for conflict regarding how to apply
particular technological developments to achieve a desired
capability for COINS. The potential arises from how one
looks at the network: as a set of logical circuits (analogous
to wire) or as an integrated service to a community of users.
These views lead to different interpretations of what is
important.


Failure to recognize this issue can lead to dilution
of COINS to a mere wire-works. While it is technologically
possible to effect such connection(s), the question is
whether or not the purpose and function of COINS is served
by doing so.

If the issue is resolved in favor of the logical circuit 
view of the network, then much of the network security plan, 
and other "user services" designed to be integrated in the 
access ring is unnecessary. It will also result in a net- 
work where the burden of using the network will be substan- 
tial, and on the shoulders of the user alone. 

If the issue is resolved in favor of the value-added
view of the network, then the BLACKER technology will have
to be adapted (in some ways, substantially) in order to
serve COINS needs. To a much lesser extent, there are
similar trade-offs applicable to the KSOS if it is applied
throughout the network.

The issue requires a careful understanding of the
alternatives, not only in the security sphere, but in the COINS
PMO provided services as well. It does not appear that both
views can coexist; therefore, a choice will have to be made
as to which view will guide COINS development over the next
decade.
2. Server-hosts supporting applications contributed to
COINS or providing terminal support to users in their
agencies may operate under different security regulations
than COINS (e.g., a DoD regulation implementing the
Executive Order and the DCID 1/16 and DCID 1/7).
Regardless, COINS cannot enforce Department/Agency
regulations beyond those specified in DCID 1/16 and DCID 1/7.

3. Overall security in the current network will be con- 
siderably improved if: 

• No user programming is permitted on any COINS 
server-host. 

• All "local" users of any COINS server-host 
were homed on a CAS. 

• All COINS users were homed on a CAS.

Even if everyone agreed to the correctness of these
points, there is no way to effect the changes required
since COINS does not own or control the essential assets
(server-hosts, applications, etc.). At present, all that
can be done is to attempt to persuade the various entities
to move to these positions. The development and integration
of multi-level secure processors will remove the need for
such restrictive measures.

4. The internetworking of COINS with other networks
(PLATFORM, IDHSC, etc.) creates multi-level networks
(networks of at least System High level in DCID 1/16 (2) terms).
The DCID 1/16 "Compartmented Mode" as defined provides
less control than System High (as defined) unless the user's
functionality is restricted in some way not specified in
the DCID.
V. APPROACH

The security plan outlined here is directed to developing and
applying various technical measures to COINS to achieve some or all
of the objectives outlined in Section II. In addition, the plan
provides for the administration of COINS security through the COINS
Network Security Officer. A number of items are for support of his
effort(s).

The plan presents short-term (one to three years into the
future) and longer-term (three to five years and beyond) elements.

To some extent, the plan is paced by the short-term objectives.
Further, some of the longer-term objectives will be mediated by how
the network evolves from its present form. The contribution of the
various elements of the plan to the objectives outlined in Section I
is illustrated in Figure 1.

The principal approach to providing COINS security is to require
that all users of COINS be registered (known) on some CAS (a TAS,
HAS, or NAS) depending on where the end-user is located. With all
network users registered and known on some network asset, it is then
possible to enforce access controls at the various COINS Access
Systems. This, coupled with anticipated developments in KSOS and
BLACKER to protect the access control mechanisms themselves, will
provide flexible and efficient network security.
FIGURE 1

Contribution of Plan Elements to COINS Network Objectives

[Matrix of program elements (columns) against the following
objectives (rows): Comply with DCID 1/7, 1/16; Support network
evolution; Demonstrate multi-level capability; Improve NTK, COI
controls; Improve technical foundation of COINS security; Expand
usage of COINS; Provide internetworking; Handle multi-jurisdictional
controls; Obtain a secure network front-end for integrated networks.]
A. KSOS/TCP4 Applied to CAS/NAS

Problems to be solved:

a. Improved technical foundation for COINS security

b. Support for TAS user programming

c. Increased confidence in multi-jurisdictional
security controls

It is planned to implement the CAS functions under a KSOS
system operating in the computer, supporting the TTRF. This
development will also address the TCP4 implementation, either
directly or in the "torque-converter" mode of operation.

B. Multi-Jurisdictional Security Protocols (Need-to-Know Controls) 
Problems to be solved: 

a. Need-to-know (disjoint compartments)

b. Handling the large number of users (1,000-5,000) 
anticipated in the next two to four years 

1. Approach 

As soon as a sufficient number of CASs are deployed,
each participating agency will be required to register all
of their own COINS users in a CAS system. The registration
will be as though the user is a CAS subscriber and will
include a description of all COINS accessible services
authorized for that user by the user's home agency. The
registration will be made by (personnel under the supervision of)
an identified Security Officer of the participating agency
(that is, the agency's ISSO).
Agencies participating in COINS with (one or more)
server-host system that also home some or all of the user
population of that agency will register their users of COINS
on the HAS used to front-end the host(s). TAS users are
registered on their TAS. Other network COINS users are
registered on the COINS part of NAS.

All registered COINS users will be known by an SNI. 

SNI groups will be assigned to each participating agency 
and managed by that agency on an on-site CAS or a CAS as- 
signed by the COINS PMO. 

The ISSO of the CAS in a sponsoring agency is responsible
for establishing and maintaining the Server-Host/Access
Authorization File (SH/AAF) in the CAS which identifies
which using organizations in the COINS network or other
networks can have access to specific files or services
available in the CAS, the host, or network behind the CAS.

The SH/AAF will be used to build and maintain the NSO's 
Master Authorization File (MAAF) in the Master TAS in the 
COINS PMO. The MAAF will be built and maintained on-line 
at the Master TAS either automatically or upon command of 
the NSO by retrieving a current copy of the SH/AAF from each 
CAS including the Master TAS. After the SH/AAF file has 
been received from each CAS, the MAAF is sorted by using 
organization and used by the NSO to establish the SH/AAF 
for each CAS. 
C. BLACKER

Problems to be solved:

a. Closed Communities of Interest (COIs) in COINS.

b. Misroute

c. Malicious system software (not necessarily in COINS).

The BLACKER development is directed to providing a unique
end-to-end encryption between an individual user and a process
on a distant host.

The initial BLACKER system, installed in the COINS-II network 
in April, 1980, is a prototype system. The two agencies parti- 
cipating in this program are NSA and NPIC. This involves the 
installation of a special front-end device and the installation 
of a specially-designed BLACKER Terminal Access System. 

1. Users operating from a remote terminal on the BLACKER
terminal access system will be authenticated by a COMSEC
system, and if properly authenticated, the user will be
connected to the appropriate host in the network via a
unique one-time secure communication path. Eventually, a
badge reader must be associated with each terminal for user
identification. The badge which is used for controlling
access to a building and compartments within a building
will be used to control access to COINS-II via a remote
terminal.
2. If a host misdirects an answer or response to a terminal,
it cannot be read by the users at that terminal because
they will not hold the key.

3. For routine purposes, the headings will be in the clear
within a communications processor or TAS. The text will be
encrypted and can be read only by the appropriate user/
terminal or system. The headers will be encrypted between
communications systems; i.e., IMPS.

D. BLACKER Applications 

System studies are required to find the best approach to
altering the BLACKER prototype or using the basic BLACKER
cryptographic equipment to make it compatible with the COINS network
philosophy and ultimately to integrate it into an SNFE (see E.,
below). Integration of BLACKER technology with the SNFE is
treated under that program element.

The principal potential application of BLACKER in COINS is
in protecting the terminal to CAS link. While there is little
or no requirement for such protection within the COINS network,
there is a substantial requirement for terminal-to-access ring
protection, particularly if COINS subscribers are going to be
homed on networks about which little if anything is known. Thus,
use of BLACKER to encrypt from a terminal (user) to the user's
home CAS provides considerable improvement in security for
terminals homed on other networks. BLACKER is also expected to offer
a more economical host-to-host secure connection than that
currently provided by the PLIs being used to link CASs through
ARPANET.
E. Secure Network Front-End

There is a growing body of technology available to provide
secure computing of various kinds; this includes the BLACKER
work and KSOS. In COINS, a generalized server-host front-end
has been developed around the UNIX-based TAS. This is called
HAS. HAS houses all of the current TAS functionality and a
host-specific interface. This provides considerable flexibility
in how the HAS can be employed; the range is from a simple
network interface (repository of network protocols) to a system
that interfaces both the server-host and local terminals to the
network and to each other. In both modes, the HAS can (and
does) perform access authorization functions and in general act
as a coarse security filter for its server-host.*

In view of the broad range of functions a HAS could perform, 
the problem of "merging features of BLACKER, KSOS, and HAS into 
a single SNFE" is substantial. 

To some extent, the plan to put TAS under KSOS will provide 
an excellent start for an SNFE. It will provide per-process 
isolation and demonstrated secure multi-level partitions. 


*It is important to note that the reason HAS or any other similar 
system cannot perform a full security filter function is because 
the detailed security decisions (e.g., access limited to a single 
file or limited to a specific set of tags) are bound into the server- 
host application (e.g., SOLIS) in a way that cannot be broken out 
to be resolved at the time access is attempted. In a similar way, 
some security determination can only be done during the execution of 
a particular query. As a consequence, the HAS or any front-end can 
only screen out organizations/individuals who are not authorized any 
access to the application. 
The principal problem to be solved in an SNFE design is
how to partition the design and integrate the BLACKER and KSOS
technologies into a system that can be used as an unintelligent
SNFE (i.e., one with network protocols only) but which could
become the base of a more fully functional system such as a CAS
by merely adding the additional software modules.

F. Improved User Identification and Authentication Techniques

Problems to be solved:

a. Reduce the burden of users having to learn different
identification and authentication protocols for
systems and networks in the community.

While COINS has eliminated the problem of having to learn
or know five to eight (or more) different log on and
authentication protocols within the COINS network, the COINS approach
does not help analysts who must use other networks and systems
besides COINS, particularly if they do not access the systems
through COINS.

While there is not at this time a satisfactory universal
unique personal identification method or scheme, the possible
use of magnetic stripe badge readers (with agency identification
badges), or some similar scheme, will be explored in conjunction
with the BLACKER project. A cost-benefit analysis will be made
of the schemes tested and will be used to initiate future
procurement should the results be favorable.
G. Software Encryption in TAS/CAS

Problems solved:

a. Provides protection of passwords and personal 
files from accidental disclosure 

b. Provides privacy of personal files/messages 

1. Encrypted Personal Files 

Since TAS will continue to operate in a benign
environment for the foreseeable future, the encryption of personal
files is more to provide user-controlled privacy than for
security purposes. As in many aspects of system use, it
should be possible to give the encryption capability
selectively; i.e., some users can have it as a function, others
cannot.

2. Encrypted Passwords 

The purpose of encrypted passwords is to prevent
compromise of a user's TAS log-on password through disclosure to TAS
operations personnel. A traditional method of providing
this protection is to store in the user's log-on file a
password transformed (encrypted) by a one-way function.
Upon log on, the plain text password submitted by the user
is subjected to the one-way transformation and the result
compared with that stored in the user's record.
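
The one-way log-on check described above, written with present-day primitives as an added example (not COINS or TAS code). A salted PBKDF2-HMAC-SHA256 transformation stands in for the plan's unspecified one-way function; the record layout, iteration count, SNIs and all names are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000          # assumed work factor for the example
_DUMMY_SALT = os.urandom(16)  # lets an unknown SNI cost as much as a known one


def transform(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """One-way transformation applied to the plain text password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


class LogonFile:
    """Log-on file that never holds a plain text password."""

    def __init__(self):
        # SNI -> stored record; this is everything operations staff can read.
        self.records = {}

    def enroll(self, sni: str, password: str) -> dict:
        salt = os.urandom(16)  # per-user salt: equal passwords store differently
        record = {
            "salt": salt.hex(),
            "iterations": ITERATIONS,
            "digest": transform(password, salt).hex(),
        }
        self.records[sni] = record
        return record

    def log_on(self, sni: str, submitted: str) -> bool:
        record = self.records.get(sni)
        if record is None:
            transform(submitted, _DUMMY_SALT)  # same cost as a real check
            return False
        candidate = transform(
            submitted, bytes.fromhex(record["salt"]), record["iterations"]
        )
        # Compare the transformed values, in constant time.
        return hmac.compare_digest(candidate, bytes.fromhex(record["digest"]))


def demo() -> dict:
    """Constructed users and passwords."""
    users = LogonFile()
    first = users.enroll("1NS1001", "correct horse battery")
    second = users.enroll("1NS1002", "correct horse battery")
    return {
        "good_password": users.log_on("1NS1001", "correct horse battery"),
        "bad_password": users.log_on("1NS1001", "correct horse batterz"),
        "unknown_user": users.log_on("1ZZ9999", "anything"),
        "equal_passwords_store_alike": first["digest"] == second["digest"],
        "plaintext_in_file": "correct horse battery" in repr(users.records),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:28} {value}")
```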

3. Surrogate Log-On Protection

The requirement for surrogate log-on protection is
similar to that needed for protecting the TAS log-on password.
It is desirable to prevent compromise from TAS operations
personnel.

Unlike the TAS log-on password, the requirement is not
met by a one-way transformation. A major question to be
addressed is whether the entire AA File record for an
individual is to be protected or whether just the surrogate
log-on passwords for SOLIS, IDS, etc., must be protected.

It appears at this juncture that it will only be possible
to protect the Access Authorization Files (AAF) from TAS
operations personnel if a protected cryptographic facility
(e.g., BLACKER key generator or DES) were provided in the
TASs and each host (or CAS). To implement a scheme of
encrypted files (AAF) while providing essentially the same
functionality to the administrative user (to create and
maintain individual users) requires a host-to-terminal and
host-to-host secure communications capability. The scheme
and adaptation of the IBM key management model outlined in
IBM Systems Journal, Vol. 17, No. 2 of 1978, would limit
the exposure of AAF data in a TAS to the (single) individual
who could set a Host Master (cryptographic) Key. This
scheme would require both a crypto-facility (essentially a
computer-controlled crypto-peripheral) and a KSOS foundation
to provide adequate protection from TAS operations personnel.

H. File Output Labeling 

Problems solved: 
a. Compliance with DCID 1/7. 
At present, the COINS network carries security labels on
the responses to batch queries. The security labels are used 
only to check the authority of the terminal and/or the user to 
receive the level of material contained in the answer. 

DCID 1/7 requires appropriate security labels to be
applied to all classified materials. In order to comply with
this requirement, it is necessary to provide security labels on
all data bases and files in the COINS network. For those files
associated with batch applications, the security labeling is
provided by the server-host in compliance with TMA-3. In the
case of SOLIS, security labeling is applied on a per-message/
record basis. Since SOLIS did not have a batch interface
requirement, there was no reason to implement TMA-3. With respect
to attempting to implement proper security labeling of output
in compliance with DCID 1/7 for COINS, it is necessary to
recognize the fact that TMA-3 is not an integral part of the
interactive applications.

I. Network Access Control to COINS 

Problems solved: 

a. Increased accessibility of COINS 

b. Reduced costs for connecting subscribers 

In general, it is assumed that the gateways will be of the
host-to-host form (access layer) as opposed to internet level
gateways alone. The host-to-host form is suitable if it is
assumed that there is little or no requirement to provide
end-to-end connections between subscribers homed on other
networks and a process on the COINS network. The proposals assume
that a gateway-half concept will be used. This form has a
natural appeal and addresses the ownership of the gateway and
the contained network access control mechanism properly. In
addition, as a principle, the notion of each network providing
its own access control makes considerable sense.

J. Network Security Officer Support 

a. Provide automated aids for security officer 
surveillance of network use 

Currently, System Security Officers (SSOs), in those
installations having them, get abstracts from the computer accounting
logs where all major normal and potentially abnormal activity
(e.g., unsuccessful log ons) is recorded. The unsuccessful
log ons are just about the only major information received from
most computers, even though other data may also be available
(e.g., unauthorized file access attempts). Aside from the fact
that the data recorded is not primarily for security purposes,
the primary value of security audit logs currently derived
from accounting data is retrospective analysis of attempts at
external penetration.

The basic approach to Security Exception Reporting is to
establish on a per-user (or per-file, application, or other
controlled resource) basis a "profile" that characterizes
"normal" use of the resource. The profile can then be matched
against actual use of a resource to determine whether any user
activity is "out-of-range" with respect to the profile. Such
out-of-range activity can be reported as an exception requiring
further investigation, or it can be the basis for detailed
analysis of users' actions to determine whether the activity
is authorized.

A prototype system exists on a commercial network that could 
be the basis for a similar system for COINS. Development of 
such a system will require much of the access ring in place to 
be effective. 
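
Security Exception Reporting as described above, as an added example rather than the commercial prototype or any COINS design: per-user profiles are built from a baseline of accounting records, and a later day's records are matched against them. The log format, SNIs, resource names, thresholds and record contents are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime

# Constructed accounting records: timestamp, SNI, resource, action, result.
BASELINE = """\
1980-06-02T09:14 1NS1001 SOLIS query ok
1980-06-02T10:02 1NS1001 SOLIS query ok
1980-06-02T15:40 1NS1001 MAIL read ok
1980-06-03T08:55 1NS1001 SOLIS query ok
1980-06-03T16:20 1NS1001 MAIL send ok
1980-06-02T11:30 1NP2004 IDS query ok
1980-06-03T13:05 1NP2004 IDS query ok
1980-06-03T13:45 1NP2004 IDS query ok
"""

OBSERVED = """\
1980-06-04T09:30 1NS1001 SOLIS query ok
1980-06-04T14:10 1NS1001 MAIL read ok
1980-06-04T02:12 1NP2004 SOLIS query denied
1980-06-04T02:13 1NP2004 SOLIS query denied
1980-06-04T02:15 1NP2004 SOLIS query denied
1980-06-04T12:00 1NP2004 IDS query ok
1980-06-04T12:40 1NZ9001 IDS query ok
"""


@dataclass
class Profile:
    """What "normal" use looked like for one user during the baseline."""
    resources: set = field(default_factory=set)
    first_hour: int = 23
    last_hour: int = 0
    max_daily_events: int = 0


def parse(text):
    for line in text.strip().splitlines():
        stamp, sni, resource, action, result = line.split()
        yield datetime.fromisoformat(stamp), sni, resource, action, result


def build_profiles(records):
    profiles, daily = defaultdict(Profile), defaultdict(int)
    for stamp, sni, resource, _action, result in records:
        if result != "ok":
            continue  # refused attempts are not part of normal use
        profile = profiles[sni]
        profile.resources.add(resource)
        profile.first_hour = min(profile.first_hour, stamp.hour)
        profile.last_hour = max(profile.last_hour, stamp.hour)
        daily[sni, stamp.date()] += 1
    for (sni, _day), count in daily.items():
        profiles[sni].max_daily_events = max(profiles[sni].max_daily_events, count)
    return dict(profiles)


def exceptions(profiles, records, volume_factor=2, max_denied=2):
    """Return sorted (SNI, kind, detail) tuples for out-of-range activity."""
    found, daily, denied = set(), defaultdict(int), defaultdict(int)
    for stamp, sni, resource, _action, result in records:
        profile = profiles.get(sni)
        if profile is None:  # activity by a user with no baseline at all
            found.add((sni, "no-profile", resource))
            continue
        daily[sni, stamp.date()] += 1
        if result == "denied":
            denied[sni, stamp.date()] += 1
        if resource not in profile.resources:
            found.add((sni, "new-resource", resource))
        if not profile.first_hour <= stamp.hour <= profile.last_hour:
            found.add((sni, "off-hours", f"hour {stamp.hour:02d}"))
    for (sni, day), count in daily.items():
        if count > volume_factor * profiles[sni].max_daily_events:
            found.add((sni, "volume", f"{count} on {day}"))
    for (sni, day), count in denied.items():
        if count > max_denied:
            found.add((sni, "denied", f"{count} on {day}"))
    return sorted(found)


def report():
    profiles = build_profiles(parse(BASELINE))
    return exceptions(profiles, parse(OBSERVED))


if __name__ == "__main__":
    for sni, kind, detail in report():
        print(f"{sni}  {kind:12}  {detail}")
```

The profile here is per user only; the same matching applies to a per-file or per-application profile by keying on the resource instead of the SNI.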

K. Network Security Architecture 

Problems solved:

a. Continued long-range security planning

b. Identification of network security needs.

c. Tracking of security developments for 
application to the COINS network 

During the history of COINS, there has been a requirement 
for a continued, long-term planning and study activity concerned 
with COINS security issues. 

A single, continuing task is involved to continue to survey
the security needs of the network and make recommendations for
the solution of security problems uncovered.
early investigations will begin in 1981. System studies,
integrating the results of the BLACKER evaluation and the
requirements for internetworking, will identify the best way of
using BLACKER in COINS and suggested system alteration for
BLACKER.

E. Secure Network Front-End 

No work has been initiated on this project.

F. User Identification and Authentication Techniques

The identification of a badge reader system has been made
and it is expected that a reader will be acquired by early
FY 1981 to integrate with the BLACKER test. The utility of the
badge reader as an improvement in user identification and
authentication will be evaluated.

G. Software Encryption in TAS/CAS 

No work has been done on encrypted personal files to date. 

The application of the Crypt function of UNIX7 will be evaluated 
in this role. 

No work has been done to implement encrypted passwords in
COINS to date. It requires the development of an adequate
one-way transformation, and its integration in the log-on
process. Some work has been done on this process in UNIX.

Due to the uncertainties of BLACKER and KSOS deployment in 
COINS, no work is planned for dealing with surrogate log-on 
protection at this time. 
H. File Output Labeling

In order to determine the most effective, minimum-cost
solution to this particular problem, it will be necessary to
establish network standards for labeling of output. Standards 
already exist in TMA-3 but these will have to be updated and 
possibly modified to accommodate systems that are intrinsically 
interactive but which may be treated as though they are batch. 

No work has been done on this task to date. 

I. Network Access Control to COINS 

At present, a tailored gateway to ARPANET is provided to
interface the PACOM TAS. A "one-way" tailored gateway from
PLATFORM to COINS is also being developed.

A generalized gateway to COINS is planned using the concept
developed by CSC of the gateway-half. The development of
the generalized gateway will focus on what kind and how much
functionality to put into the gateway (e.g., security functions,
register users, etc.).

J. NSO Support 

There is no current development to support the NSO. Aspects 
of operating as the NSO and TASMASTER are being explored as 
part of a general TAS upgrade effort. 

The security surveillance system and monitoring tools will
be defined and evaluated starting FY 1982. The entire
development should be complete by the end of FY 1984.
K. Network Security Architecture

This function is currently being performed by one of the 
COINS PMO contractors in association with the NSO. It is planned 
to continue this function as long as the network requires it. 

VII. RESOURCES AND SCHEDULE 

The following tables show the funds budgeted, programmed or
planned to procure, develop, implement, and maintain the hardware
and software for COINS network security.

A. KSOS/TCP4

               FY80   FY81   FY82   FY83   FY84   FY85   FY86
O&M              -      -      -      -
Procurement      -      -      -      -      -      -      -
RDT&E           60    200     80     40      -      -      -
TOTAL           60    200     80     40      -      -      -

1000 of Dollars




The RDT&E funds for 1980 are for the impact study. Funds
for FY81-82 are for partitioning of the TAS functions and for
integrating KSOS and TAS. The FY83 funding is to evaluate the
cost benefits of using the KSOS/TCP4 combination in COINS.
Jurisdictional Security Protocols

               FY80   FY81   FY82   FY83   FY84   FY85   FY86
O&M              -             -      -      -
Procurement      -      -      -      -      -      -      -
RDT&E                   -      -    100     50      -      -
TOTAL            -             -    100     50      -      -

1000 of Dollars




The RDT&E funds for FY83-84 are to develop and install the
software that collects the individual CASs, AAFs, and redistrib-
utes the sorted access authorizations to all access ring systems.

C. BLACKER

              FY80   FY81   FY82   FY83   FY84   FY85   FY86
O&M           —      —      —      —      —
Procurement   —      80     250    —      —      —      —
RDT&E         25     108    50     —      —      —      —
TOTAL         25     188    300    —      —      —      —

1000 of Dollars




The RDT&E funds in FY80 through FY82 are to test the opera
user acceptance of BLACKER. The procurement funds are
to acquire another BLACKER front-end for SOLIS and additional
personal identification and authentication hardware.

D. BLACKER Application

              FY80   FY81   FY82   FY83   FY84   FY85   FY86
O&M           —      —      —      —      —      —      —
Procurement   —      —      —      —      —      —      —
RDT&E         —      25     50     75     —      —      —
TOTAL         —      25     50     75     —      —      —

1000 of Dollars


The RDT&E funds over FY81-83 are for studies on how best 
to use or adapt BLACKER for COINS use. 

E. Secure Network Front-End 



              FY80   FY81   FY82   FY83   FY84   FY85   FY86
O&M
Procurement                               ?
RDT&E         —      —      —      180    350    300    130
TOTAL                —      —      180+   350+   300    130

1000 of Dollars


The FY83 RDT&E funds are for the development of comprehen-
sive specifications for a front-end suitable for use in the
several networks expected to be available in the mid- to late
1980's. A portion of the FY83 funds is expected to be used to
identify a suitable candidate hardware to implement the result.

During FY84, the RDT&E emphasis will be on studies and
specifications for partitioning the front-end functions and
integrating BLACKER and KSOS. The funds for FY85 and FY86
are for the development of a prototype for demonstration and
evaluation. An undetermined amount of funds for procuring
a suitable hardware base for the development will be required
in FY84 and FY85.

F. Improved User Identification and Authentication 



              FY80   FY81   FY82   FY83   FY84   FY85   FY86
O&M           —      —      —      —      —      —      —
Procurement   50     —      —      —      —      —      —
RDT&E         —      50     25     25     25     25     25
TOTAL         50     50     25     25     25     25     25

1000 of Dollars


The procurement funds for FY80 are for a suitable badge
reader. The RDT&E funds for FY81 are for interfacing it with
BLACKER terminals. The balance of the RDT&E funds (FY82-86)
are for evaluation and low-level tracking of new technology
applicable to the problem.

G. Software Encryption

              FY80   FY81   FY82   FY83   FY84   FY85   FY86
O&M
Procurement
RDT&E
TOTAL

1000 of Dollars


The RDT&E funds in FY81 are for the testing and additional 
development of the Crypt function in UNXX7 and the one-way 
encryption algorithm(s) for application to log-on protection. 

H. File Output Labeling

              FY80   FY81   FY82   FY83   FY84   FY85   FY86
O&M
Procurement
RDT&E
TOTAL

1000 of Dollars


The FY81 RDT&E funds are for the system study of where the
output labeling is most effectively done (for all of the
various possibilities in COINS) and a design of how to do it.

In FY82 and 83, the design will be implemented and tested.

I. Network Access Control to COINS

              FY80   FY81   FY82   FY83   FY84   FY85   FY86
O&M
Procurement                        300
RDT&E                       150    300    100
TOTAL                       150    600    100

1000 of Dollars


The FY82 RDT&E funds are for a detailed design of a gener-
alized gateway suitable for use with PLATFORM, IDHSC, AUTODIN II,
etc. The FY83 and 84 RDT&E funds are for the implementation
and test of the design. The procurement funds are for the
acquisition of a suitable gateway machine.

J. NSO Support

              FY80   FY81   FY82
O&M
Procurement
RDT&E
TOTAL

1000 of Dollars


The RDT&E funds for FY82 through FY84 are to establish
the detailed requirements for an NSO monitoring and surveillance
system, implement, and test the system. The O&M funds, FY84
through FY86, are for the development of additional NSO tools
to assist in the security monitoring of the network and its use.


K. Security Architecture 



              FY80   FY81   FY82   FY83   FY84   FY85   FY86
O&M           —      —      —      —      —      —      —
Procurement   —      —      —      —      —      —      —
RDT&E         50     50     50     50     50     50     50
TOTAL         50     50     50     50     50     50     50

1000 of Dollars


The RDT&E funds shown are to provide continued contractor 
support over the period shown. 


SUMMARY OF COSTS 



              FY80   FY81   FY82   FY83   FY84   FY85   FY86
O&M           —      —      —      —      50     50     50
Procurement   50     80     250    300    —      —      —
RDT&E         135    543    535    895    600    375    205
TOTAL         185    623    785    1195   650    425    255

X $1000